The personal data of 3,191 congressional staffers has been exposed on the dark web, according to a report from internet security firm Proton. The leaked data includes passwords, IP addresses, and details from social media platforms.
Proton's research shows that many of these breaches occurred because staffers used their official email addresses to sign up for various services, including high-risk sites like dating and adult websites, which were later compromised. “This situation highlights a critical security lapse, where sensitive work-related emails became entangled with less secure, third-party platforms,” Proton said.
In collaboration with Constella Intelligence, Proton identified 1,848 passwords linked to the political staffers, now circulating in dark web markets. One staffer had 31 passwords exposed.
“The volume of exposed accounts among U.S. political staffers is alarming, and the potential consequences of compromised accounts could be severe,” said Proton’s head of account security, Eamonn Maguire. He emphasized the need for vigilance and stringent security measures to protect both personal and national security.
The Switzerland-based company estimated that nearly 1 in 5 congressional staffers have their data visible online, with almost 300 staffers appearing in more than 10 different leaks. Proton has contacted all affected staffers to inform them of the exposure. The company clarified that none of the leaks involved its own encrypted services.
Proton plans to release more details in a blog post this week, as the cybersecurity practices of political staffers become even more critical with the upcoming U.S. presidential election.
