LONDON — Nearly 2,000 people were targeted with a phishing email after the suspected hack of a staffer of senior Labour MP Florence Eshalomi.
The email contained a malicious file — identified by the Parliamentary Digital Service as a phishing attack — that tried to secure the credentials of other accounts, according to an email seen by POLITICO, which was sent by Eshalomi to those targeted in the days following last week’s breach.
Westminster journalists and public affairs professionals were among those alerted to the suspected attack.
Eshalomi, who is chair of the House of Commons housing committee, told POLITICO she believes a senior staff member’s account was compromised after opening a similar file sent by an external organization that had also been breached.
The Labour MP said she did not know how many people may have fallen victim, but that a staff member of another MP had visited her office last week “because their account had been hacked as well.”
It took three days for those targeted to be alerted after the initial breach. Eshalomi said they were only able to identify the recipients of the phishing email after Westminster’s digital team regained access to the account.
One person who received the bogus email, granted anonymity to discuss a sensitive issue, said the grammar used by the suspected hacker in the email was good, and they had avoided opening the malicious file only because they’d never previously spoken to the staffer and it “all felt weird.”
While Eshalomi believes the suspected hackers took a “scattergun” approach to those contacted, she expressed concern over the apparent sophistication of the scheme. Those who responded to the original email with concerns about its legitimacy received reassuring responses from the suspected attackers that it was safe.
It is unclear who is responsible for the attack, or whether they extracted information from the account during the breach.
A series of cyberattacks on Westminster bodies have taken place in recent years. In 2024, the British government said an unidentified Chinese state-affiliated hacking group was behind a cyberattack on the Electoral Commission — the watchdog responsible for policing the U.K.’s election system.
As chair of the Commons Housing, Communities and Local Government select committee, Eshalomi is currently leading a review of the U.K. government’s proposals to strengthen election rules and tackle hostile threats. But she said there is no evidence to suggest the attack was directly linked to her position.
A parliamentary spokesperson declined to comment on individual cases, but insisted the institution has “robust measures” in place to help Westminster staff manage their digital safety.
