As many as 90 accounts hit by cyberattack on British parliament

The Houses of Parliament in London where the cyberattack occurred is seen in a file photo.
The Houses of Parliament in London where the cyberattack occurred is seen in a file photo.PHOTO: AFP

LONDON (AFP) - A "sustained and determined" cyberattack on Britain's parliament compromised up to 90 email accounts, a parliamentary spokesman said Sunday (June 25).

The National Crime Agency said it was investigating "a possible cyber incident affecting parliament", which raised fears of blackmail threats against some of the 9,000 parliamentary email account holders.

"Investigations are ongoing, but it has become clear that significantly fewer than one percent of the 9,000 accounts on the parliamentary network have been compromised," the parliamentary spokesman told the Press Association.

"As they are identified, the individuals whose accounts have been compromised have been contacted and investigations to determine whether any data has been lost are under way," he added.

Parliament shut down external access to email accounts on Saturday as it battled what officials called a "sustained and determined" attack.

The threat followed reports in British media, including the Times, that hackers were selling passwords for MPs online. Security was so lax that even a worker in a McDonald's branch across the road knew the password for Parliament's WiFi network, the Daily Mail reported.

Concerns have also been raised over the management of the system with digital director Rob Greig taking 10 hours to warn MPs of the potential breach, the paper said.

A Whitehall source claimed to the Sunday Times: 'When he arrived he had no knowledge of security. The WiFi password was known to the guy in McDonald's across Westminster Bridge. Things have got better, but he's not an expert in security."

A global ransomware attack last month hit hundreds of thousands of computers, including hospitals in Britain that were forced to shut down, divert emergency cases and postpone operations.

The so-called WannaCry ransomware locked access to user files and in an on-screen message demanded payment of $300 ($416) in the virtual currency Bitcoin in order to decrypt the files.