European Parliament reports data breach of its recruitment application

The European Parliament is reporting a data breach in its recruitment application - PEOPLE, used for hiring non-permanent staff such as interns, consultants, contract agents, and assistants. The application is external and hosted in Luxembourg.

The breach was confirmed on April 25, following assessments by the Parliament’s cybersecurity specialists, and was communicated internally by Kristian Knudsen, a director-general at the European Parliament, on May 6.

The Parliament’s infrastructure was not directly compromised. The PEOPLE application has since been deactivated, and vulnerabilities are being addressed. No details about the nature of the attack are disclosed, but it's likely that they have stemmed from software vulnerabilities.

Compromised data may include sensitive personal information, although the specific details of the data affected are still under review by the competent services. Affected employees will be notified of the breach’s implications as the investigation continues.

Staff members have been advised to reset passwords for all Parliament applications and to exercise caution when dealing with communications from unfamiliar sources.