LONDON – Around 2,000 people were targeted by email scams after the alleged hacking of senior Labor MP Florence Eshalomi’s staff.
The email contained a malicious file — identified by the Congressional Digital Service as a phishing attack — that attempted to access documents for other accounts, according to an email seen by POLITICO, which was sent by Eshalomi to those targeted in the days following last week’s breach.
Westminster journalists and public affairs professionals were among those alerted to the suspected attack.
Eshalomi, who chairs the House of Commons house committee, told POLITICO he believes a senior staffer’s account was compromised after he opened a similar file sent by an outside organization that was also compromised.
The Labor MP said he did not know how many people may have been affected, but a staff member of another MP visited his office last week “because their account was also hacked.”
It took three days for those targeted to be notified after the initial breach. Eshalomi said they were only able to identify the recipients of the phishing email after Westminster’s digital team regained access to the accounts.
One person who received the fake email, who did not want to be named to discuss a sensitive matter, said the grammar used by the suspected hacker in the email was good, and they avoided opening the malicious file simply because they had never spoken to an employee before and “it all felt weird.”
While Eshalomi believes the hackers took a “scattergun” approach to those who contacted them, he expressed concern over the perceived complexity of the scheme. Those who responded to the original email with concerns about its legitimacy received reassuring responses from suspected hackers that it was safe.
It is unclear who was responsible for the attack, or if they released information from the account during the breach.
A series of cyber attacks on Westminster bodies have taken place in recent years. In 2024, the British government said an unidentified Chinese government hacking group was behind a cyber attack on the Electoral Commission – the body responsible for policing the UK’s electoral system.
As chair of the Homes, Communities and Local Government select committee, Eshalomi is currently leading a review of the UK government’s proposals to strengthen electoral laws and tackle hostile threats. But he said there was no evidence to suggest the attack was directly linked to his position.
A spokeswoman for parliament declined to comment on individual cases, but insisted the body has “effective measures” to help Westminster staff manage their digital security.
