A cyberattack targeting the U.S. Capitol has exposed the personal information of more than 3,000 congressional staffers, with much of their data being leaked onto the dark web. Swiss cybersecurity firm Proton uncovered that Capitol Hill staffers had used their official email addresses to sign up for risky platforms like adult websites and dating apps.
Proton, working with U.S.-based Constella Intelligence, found that 1,800 Capitol Hill passwords were available on the dark web. The report estimated that nearly 1 in 5 staffers had their personal information exposed. The attack is believed to have originated from compromised platforms that Capitol Hill employees used for personal accounts.
In a statement, Proton said that the staffers’ use of official government email addresses on high-risk websites contributed to the breach. These platforms had been compromised in past data breaches, allowing hackers to gain access to the passwords and personal information of Capitol staffers.
One Capitol Hill staffer was found to have 31 different passwords leaked in the attack, with 3,191 total staffers affected by the breach.
The cyberattack is raising concerns about the use of government email addresses for non-work purposes and the potential risks to national security if staffers’ personal data continues to be exposed in future breaches. The investigation highlights the need for improved cybersecurity measures to protect sensitive information from similar attacks.