Personal Data Of Congressional Staffers Leaked On The Dark Web

A study by the security firm Proton revealed on Tuesday that personal information for approximately 3,191 congressional staffers has been leaked on the dark web, as first reported by The Washington Times (TWT).

The leaked data includes passwords, IP addresses, and details from various social media platforms.

TWT reports that many of these leaks likely resulted from staffers using their official email addresses to register for various services, including high-risk sites such as dating and adult websites, which later suffered data breaches.

“This situation highlights a critical security lapse, where sensitive work-related emails became entangled with less secure, third-party platforms,” Proton said in a statement to TWT.

Proton, in collaboration with Constella Intelligence, discovered 1,848 passwords belonging to political staffers available on the dark web. Alarmingly, one staffer had 31 passwords exposed, as reported by TWT.

“The volume of exposed accounts among U.S. political staffers is alarming, and the potential consequences of compromised accounts could be severe,” noted Eamonn Maguire, head of account security at Proton noted, as reported by TWT.

Proton estimates that nearly 1 in 5 congressional staffers has their information visible online, with approximately 300 staffers exposed in over 10 separate leaks, notes TWT.

The firm has reached out to all affected individuals to alert them, clarifying that the exposed information is unrelated to its services, which include encrypted email accounts and password managers, said TWT.

In addition to this breach, a broader investigation by Proton and Constella published on Tuesday exposed over 4,000 political figures from the U.K., EU, U.S., and France. In May 2024, the initial search revealed that around 40% of official emails from British, EU, and French politicians had been compromised.

British MPs were the most exposed, with 68% of their email addresses found on the dark web, followed by 44% of EU MEPs and 18% of French deputies and senators. The investigation expanded in September 2024 to include U.S. political staffers, with 20% of them found to have leaked email addresses.

In total, 2,545 passwords were discovered in plain text across all researched regions, raising significant concerns about cybersecurity hygiene, particularly if the exposed passwords were reused for official accounts.

Proton states that this issue could result in severe consequences, given that many of these officials and staff hold senior positions with access to highly sensitive government data.

Compounding this event, a report published yesterday by ReliaQuest highlights that advanced persistent threat (APT) groups are likely to disrupt the upcoming U.S. elections through cyberattacks, including hack-and-leak operations.

ReliaQuest advises organizations to adopt a defense-in-depth strategy to mitigate these business-specific risks. This approach should include robust cybersecurity measures, continuous monitoring, and comprehensive employee training.