Data breach exposes personal information of 3,000+ congressional staffers on dark web

In a major cyberattack targeting Capitol Hill, the personal information of over 3,000 U.S. congressional staffers has been leaked across the dark web, according to an investigation by internet security firm Proton. The findings, reported by The Washington Times, reveal a significant breach of staffers’ data, with more than 1,800 passwords exposed and available online.

 

Proton, a Swiss-based cybersecurity firm, collaborated with U.S.-based Constella Intelligence to uncover the breach. Their investigation found that nearly 20% of congressional staffers had personal information circulating on the dark web, stemming from a variety of sources, including social media, dating apps, and adult websites. The report identified 3,191 staffers as being affected, with one individual’s account showing as many as 31 exposed passwords.

 

According to Proton, many of these leaks occurred because staffers used their official email addresses for personal accounts, including risky platforms later compromised in data breaches. This practice created a significant security risk by linking work-related emails to less secure third-party services.

 

Eamonn Maguire, Proton’s head of account security, highlighted the gravity of the situation, stating, “The volume of exposed accounts among U.S. political staffers is alarming, and the potential consequences of compromised accounts could be severe. Vigilance and strict security measures are essential to safeguard personal and national security.”

 

The firm has contacted the affected staffers to notify them of the breach and is expected to release further details over the coming weeks. Proton emphasized the need for robust cybersecurity practices to ensure the integrity of political systems, especially in the run-up to elections.

 

This breach adds to a string of high-profile cyberattacks this year. In August, a Florida data center faced lawsuits after a separate breach leaked 2.9 billion Social Security records, later sold on the dark web by a cybercriminal group for $3.5 million.