Using parliamentary emails on third-party services is a violation of cybersecurity rules.
Personal data of nearly half of Finnish parliamentarians can be found on the darknet. This follows a study commissioned by the Swiss technology company Proton.
Members of parliament used their parliamentary emails on third-party services, through which leaks occurred, including home addresses and passwords. This includes, among others, the social network LinkedIn, dating sites, the messenger X, and the service MyHeritage.
Proton's security manager Eamon Maguire pointed out that using parliamentary emails on third-party services is a violation of cybersecurity rules. He particularly noted that email addresses ending in eduskunta.fi are of special interest to cybercriminals.
Proton stated that it has notified all politicians affected by the data leak.
Information security expert Benjamin Sarka does not consider the study's results sensational. Elected representatives are just like everyone else and often use the same username and password across many services.
The head of the parliament's information security department, Ari Apilo, reported that all parliament staff were instructed to use different passwords for other services. For personal matters, they were advised to use different email addresses.
Apilo emphasized that the information security of the parliament was in no way compromised.
<iframe width="560" height="315" src="https://www.youtube.com/embed/mguiIT1j-MA?si=X8QNXJCu4ghCf6pA" title="YouTube video player" frameborder="0" allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share" referrerpolicy="strict-origin-when-cross-origin" allowfullscreen></iframe>
