Leaked: Politicians’ emails and
passwords on the dark web

Over 4,300 government officials in Europe and the US have had their official email addresses — and even passwords — exposed on the dark web.

Politicians and staffers are using their official email addresses to sign up for everyday accounts, like social media, news sites, and dating apps. If (or when) these services suffer a breach, attackers can use these email addresses to easily identify high-profile targets.

For the average person, this is a serious privacy risk. For public officials, it’s a potential national security threat.

To conduct this investigation, we searched the dark web for information associated with the publicly available email addresses of government officials. In many cases we found that highly sensitive information — including passwords — was freely available on well-known criminal forums.

This presents an obvious cyber security risk if these people were reusing passwords for multiple services. But it also presents an additional risk because the personal information available puts these officials in danger of blackmail or social engineering.

Account security is incredibly important and easy to get wrong. It's vital that we all takes steps to protect ourselves — with tools like a password manager or email aliases — because if even politicians with a higher than normal threat model can make mistakes, so can anyone else.

This investigation would not have been possible without the assistance of Constella Intelligence(new window).

How widespread is the problem?

Institution	Email addresses searched	Email addresses breached	Percentage of email addresses breached	Passwords exposed	Passwords exposed in plaintext
UK House of Commons	650	443	68%	284	216
EU Parliament	705	309	44%	195	161
Canadian House of Commons	343	152	44%	44	29
Danish Parliament	179	74	41%	93	69
Austrian National Council members	183	45	25%	48	39
US political staffers	16,543	3,191	20%	2,975	1,848
French Parliament	925	166	18%	322	320
Dutch Parliament	225	41	18%	35	32
Swiss federal politicians	277	44	16%	78	58
Luxembourgish Parliament	60	10	16%	43	38
Italian Parliament	609	91	15%	195	188
German state parliaments	1,874	241	13%	220	153
Spanish Parliament	615	39	6%	14	9

Key highlights from the data

UK government accused Russia(new window)</a> of a “years-long cyberattack” on British academics, politicians, and policymakers. "],"font":[0,"sans"],"columns":[0]}],"bullet_points":[1,[]],"buttons":[1,[]],"note":[0],"aside":[0],"media":[0,{"provider":[0,"strapi"],"mime":[0,"image/png"],"src":[0,"https://delicate-books-39fa188272.media.strapiapp.com/british_parliament_mobile_c1380e0bd5.png"],"width":[0,776],"height":[0,744],"alt":[0,""],"objectFit":[0,"contain"],"objectPosition":[0,"center"],"md":[0,{"mime":[0,"image/png"],"provider":[0,"strapi"],"src":[0,"https://delicate-books-39fa188272.media.strapiapp.com/british_parliament_13ec2361c0.png"],"width":[0,1328],"height":[0,1099],"alt":[0,""],"objectFit":[0,"contain"],"objectPosition":[0,"center"]}]}]}],[0,{"header_graphic":[0],"tags":[1,[]],"title":[0,{"content":[0,"Danish Parliament: Most repeat exposures"],"level":[0,"h3"],"font":[0,"serif"],"size":[1,[[0,{"font":[0,"xl"],"screen":[0]}]]],"weight":[0,null]}],"text":[0,{"content":[0,"41% of Danish politicians had their official email address breached, the third highest percentage of all the groups we've looked at. If a politician was involved in a breach, their details appeared 7.5 times on the dark web on average, the highest of the institutions we've looked at. The Danish politician with the most exposures had their email address appear 25 times, along with 8 passwords in plaintext.Past attacksIn 2023, Russian affiliated hackers exploited a zero-day firewall vulnerability, <a rel=\"noopener noreferrer\" target=\"_blank\" href=https://proton.me/"https://dd80b675424c132b90b3-e48385e382d2e5d17821a5e1d8e4c86b.ssl.cf1.rackcdn.com/external/sektorcert-the-attack-against-danish-critical-infrastructure-tlp-clear.pdf/">compromising 22 organizations overseeing Denmark’s energy infrastructure(new window)</a> — the most extensive cyberattack Denmark has faced. "],"font":[0,"sans"],"columns":[0]}],"bullet_points":[1,[]],"buttons":[1,[]],"note":[0],"aside":[0],"media":[0,{"provider":[0,"strapi"],"mime":[0,"image/png"],"src":[0,"https://delicate-books-39fa188272.media.strapiapp.com/danish_parliament_mobile_b44dedf570.png"],"width":[0,776],"height":[0,744],"alt":[0,""],"objectFit":[0,"contain"],"objectPosition":[0,"center"],"md":[0,{"mime":[0,"image/png"],"provider":[0,"strapi"],"src":[0,"https://delicate-books-39fa188272.media.strapiapp.com/danish_parliament_304d43d97f.png"],"width":[0,1328],"height":[0,1098],"alt":[0,""],"objectFit":[0,"contain"],"objectPosition":[0,"center"]}]}]}],[0,{"header_graphic":[0],"tags":[1,[]],"title":[0,{"content":[0,"European Parliament: Widespread leaks"],"level":[0,"h3"],"font":[0,"serif"],"size":[1,[[0,{"font":[0,"xl"],"screen":[0]}]]],"weight":[0,null]}],"text":[0,{"content":[0,"44% of MEPs had an exposed government email address, behind only the British Parliament. Of the 309 MEPs exposed, 92 were caught up in 10 or more leaks. Of the MEPs that suffered a breach, their details appeared 7.48 times on average, the second high rate behind the Danish Parliament.Past attacksIn 2024, two members and a staffer of the European Parliament’s security and defense subcommittee <a rel=\"noopener noreferrer\" target=\"_blank\" href=https://proton.me/"https://www.politico.eu/article/nathalie-loiseau-elena-yoncheva-pegasus-spyware-european-parliament-security-defense-subcommittee//">found spyware on their smartphones(new window)</a>."],"font":[0,"sans"],"columns":[0]}],"bullet_points":[1,[]],"buttons":[1,[]],"note":[0],"aside":[0],"media":[0,{"provider":[0,"strapi"],"mime":[0,"image/png"],"src":[0,"https://delicate-books-39fa188272.media.strapiapp.com/european_parliament_mobile_20c99e6361.png"],"width":[0,776],"height":[0,744],"alt":[0,""],"objectFit":[0,"contain"],"objectPosition":[0,"center"],"md":[0,{"mime":[0,"image/png"],"provider":[0,"strapi"],"src":[0,"https://delicate-books-39fa188272.media.strapiapp.com/european_parliament_b439333dd3.png"],"width":[0,1328],"height":[0,1098],"alt":[0,""],"objectFit":[0,"contain"],"objectPosition":[0,"center"]}]}]}],[0,{"header_graphic":[0],"tags":[1,[]],"title":[0,{"content":[0,"Swiss federal politicians: Few breaches (but some are embarrassing)"],"level":[0,"h3"],"font":[0,"serif"],"size":[1,[[0,{"font":[0,"xl"],"screen":[0]}]]],"weight":[0,null]}],"text":[0,{"content":[0,"Roughly 16% of Swiss federal politicians (which includes the Council of States, Federal Council, and National Council) had their official government email address exposed on the dark web, below the average (roughly 21%) and median (18%) in our dataset. However, several email addresses were exposed in breaches affecting dating and adult websites, suggest some Swiss politicians used their official emails to create accounts.Past attacksIn 2025, <a rel=\"noopener noreferrer\" target=\"_blank\" href=https://proton.me/"https://www.swissinfo.ch/eng/swiss-politics/federal-administration-affected-by-hacker-attack/88703300/">hackers used DDoS attacks(new window)</a> to knock the Swiss Federal Administration's telephones, websites, and services offline."],"font":[0,"sans"],"columns":[0]}],"bullet_points":[1,[]],"buttons":[1,[]],"note":[0],"aside":[0],"media":[0,{"provider":[0,"strapi"],"mime":[0,"image/png"],"src":[0,"https://delicate-books-39fa188272.media.strapiapp.com/image_swiss_1be60e48f6.png"],"width":[0,1328],"height":[0,1098],"alt":[0,""],"objectFit":[0,"contain"],"objectPosition":[0,"center"],"md":[0,{"mime":[0,"image/png"],"provider":[0,"strapi"],"src":[0,"https://delicate-books-39fa188272.media.strapiapp.com/image_swiss_1be60e48f6.png"],"width":[0,1328],"height":[0,1098],"alt":[0,""],"objectFit":[0,"contain"],"objectPosition":[0,"center"]}]}]}],[0,{"header_graphic":[0],"tags":[1,[]],"title":[0,{"content":[0,"Canada's House of Commons: 2nd most exposed national parliament"],"level":[0,"h3"],"font":[0,"serif"],"weight":[0,"normal"]}],"text":[0,{"content":[0,"Over 44% (152 of the 343 members) of Canada's House of Commons had their official emails leaked on the dark web. Even worse, these 152 politicians were involved in over 750 breaches, with one individual's information appearing in 22 different leaks. Along with their official email addresses, 44 passwords also found, including 29 in plaintext. Past attacksIt is urgent that Canadian politicians address these security lapses as it is a target. In August 2025, <a rel=\"noopener noreferrer\" target=\"_blank\" href=https://proton.me/"https://therecord.media/hackers-compromise-canada-house-of-commons/">hackers accessed a Canadian House of Commons database(new window)</a> used to manage computers and mobile devices. "],"font":[0,"sans"],"columns":[0,1]}],"bullet_points":[1,[]],"buttons":[1,[]],"note":[0],"aside":[0],"media":[0,{"provider":[0,"strapi"],"mime":[0,"image/png"],"src":[0,"https://delicate-books-39fa188272.media.strapiapp.com/canada_upd_c5adaa52ca.png"],"width":[0,1328],"height":[0,1098],"alt":[0,""],"objectFit":[0,"contain"],"objectPosition":[0,"center"],"md":[0,{"mime":[0,"image/png"],"provider":[0,"strapi"],"src":[0,"https://delicate-books-39fa188272.media.strapiapp.com/canada_upd_c5adaa52ca.png"],"width":[0,1328],"height":[0,1098],"alt":[0,""],"objectFit":[0,"contain"],"objectPosition":[0,"center"]}]}]}]]],"section":[0,{"identifier":[0,null],"bgColor":[0,"white"],"bgImage":[0],"bgPadding":[0,{"top":[0,"0"],"bottom":[0,"12"]}],"containerBgColor":[0],"containerBgImage":[0],"containerBorderRadius":[0,"3xl"],"containerMaxWidth":[0,"8xl"],"containerPadding":[0,{"top":[0],"bottom":[0,"0"]}],"contentMaxWidth":[0,"full"],"contentAlignment":[0]}]}" ssr client="load" opts="{"name":"Carousel","value":true}" await-children>

UK House of Commons: Most exposed

The UK House of Commons had the highest percentage of politicians' official email addresses exposed in breaches of all the institutions we've looked at so far. In total, the British politicians had their official emails exposed 2,311 times on the dark web. One MP alone had their details exposed 30 times.

Past attacks

In December 2023, the UK government accused Russia(new window) of a “years-long cyberattack” on British academics, politicians, and policymakers.

Danish Parliament: Most repeat exposures

41% of Danish politicians had their official email address breached, the third highest percentage of all the groups we've looked at. If a politician was involved in a breach, their details appeared 7.5 times on the dark web on average, the highest of the institutions we've looked at. The Danish politician with the most exposures had their email address appear 25 times, along with 8 passwords in plaintext.

Past attacks

In 2023, Russian affiliated hackers exploited a zero-day firewall vulnerability, compromising 22 organizations overseeing Denmark’s energy infrastructure(new window) — the most extensive cyberattack Denmark has faced.

European Parliament: Widespread leaks

44% of MEPs had an exposed government email address, behind only the British Parliament. Of the 309 MEPs exposed, 92 were caught up in 10 or more leaks. Of the MEPs that suffered a breach, their details appeared 7.48 times on average, the second high rate behind the Danish Parliament.

Past attacks

In 2024, two members and a staffer of the European Parliament’s security and defense subcommittee found spyware on their smartphones(new window).

Swiss federal politicians: Few breaches (but some are embarrassing)

Roughly 16% of Swiss federal politicians (which includes the Council of States, Federal Council, and National Council) had their official government email address exposed on the dark web, below the average (roughly 21%) and median (18%) in our dataset. However, several email addresses were exposed in breaches affecting dating and adult websites, suggest some Swiss politicians used their official emails to create accounts.

Past attacks

In 2025, hackers used DDoS attacks(new window) to knock the Swiss Federal Administration's telephones, websites, and services offline.

Canada's House of Commons: 2nd most exposed national parliament

Over 44% (152 of the 343 members) of Canada's House of Commons had their official emails leaked on the dark web. Even worse, these 152 politicians were involved in over 750 breaches, with one individual's information appearing in 22 different leaks. Along with their official email addresses, 44 passwords also found, including 29 in plaintext.

Past attacks

It is urgent that Canadian politicians address these security lapses as it is a target. In August 2025, hackers accessed a Canadian House of Commons database(new window) used to manage computers and mobile devices.

Frankfurt University of Applied Sciences(new window)</a> and <a rel=\"noopener noreferrer\" target=\"_blank\" href=https://proton.me/"https://therecord.media/hochschule-kempten-cyberattack-german-university/">Hochschule Kempten(new window)</a> were forced to close due to cyberattacks, the Bavarian pharmaceutical giant AEP was hit by a <a rel=\"noopener noreferrer\" target=\"_blank\" href=https://proton.me/"https://therecord.media/ransomware-attack-hits-german-pharmaceutical-wholesaler-disruptions/">ransomware attack(new window)</a>, and the <a rel=\"noopener noreferrer\" target=\"_blank\" href=https://proton.me/"https://www.aljazeera.com/news/2024/5/3/germany-accuses-russia-of-intolerable-cyberattack-warns-of-consequences/">Social Democratic(new window)</a> party (SPD) was hacked."],"font":[0,"sans"],"columns":[0]}],"bullet_points":[1,[]],"buttons":[1,[]],"note":[0],"aside":[0],"media":[0,{"provider":[0,"strapi"],"mime":[0,"image/png"],"src":[0,"https://delicate-books-39fa188272.media.strapiapp.com/german_state_parliaments_mobile_1b190e083d.png"],"width":[0,776],"height":[0,744],"alt":[0,""],"objectFit":[0,"contain"],"objectPosition":[0,"center"],"md":[0,{"mime":[0,"image/png"],"provider":[0,"strapi"],"src":[0,"https://delicate-books-39fa188272.media.strapiapp.com/german_state_parliaments_b6ed2777af.png"],"width":[0,1328],"height":[0,1099],"alt":[0,""],"objectFit":[0,"contain"],"objectPosition":[0,"center"]}]}]}],[0,{"header_graphic":[0],"tags":[1,[]],"title":[0,{"content":[0,"Italian Parliament: Third fewest leaks"],"level":[0,"h3"],"font":[0,"serif"],"size":[1,[[0,{"font":[0,"xl"],"screen":[0]}]]],"weight":[0,null]}],"text":[0,{"content":[0,"15% of Italian politicians have had their official email address exposed, the third lowest percentage of the institutions we looked at. They also only suffered a total of 402 email breaches. For comparison, the British Parliament, which has 650 MPs compared to Italy's 609, had a total of 2,110 breaches. Past attacksIn May 2024, Russian affiliated hackers <a rel=\"noopener noreferrer\" target=\"_blank\" href=https://proton.me/"https://decode39.com/9036/russian-hackers-targeted-italian-institutions//">took down the websites of Prime Minister Giorgia Meloni(new window)</a> and the Ministries of Infrastructure and Enterprise."],"font":[0,"sans"],"columns":[0]}],"bullet_points":[1,[]],"buttons":[1,[]],"note":[0],"aside":[0],"media":[0,{"provider":[0,"strapi"],"mime":[0,"image/png"],"src":[0,"https://delicate-books-39fa188272.media.strapiapp.com/italian_parliament_mobile_be69667e04.png"],"width":[0,776],"height":[0,744],"alt":[0,""],"objectFit":[0,"contain"],"objectPosition":[0,"center"],"md":[0,{"mime":[0,"image/png"],"provider":[0,"strapi"],"src":[0,"https://delicate-books-39fa188272.media.strapiapp.com/italian_parliament_c3775e97a3.png"],"width":[0,1328],"height":[0,1098],"alt":[0,""],"objectFit":[0,"contain"],"objectPosition":[0,"center"]}]}]}],[0,{"header_graphic":[0],"tags":[1,[]],"title":[0,{"content":[0,"Luxembourgish Parliament: One politician had 20+ passwords exposed"],"level":[0,"h3"],"font":[0,"serif"],"size":[1,[[0,{"font":[0,"xl"],"screen":[0]}]]],"weight":[0,null]}],"text":[0,{"content":[0,"We found 16% of Luxembourgish politicians' official email addresses on the dark web — but because Luxembourgish Parliament only has 60 members, this equals 10 exposed emails. However, one politician not only had their email address exposed, but also 29 passwords, all in plaintext. Past attacksIn 2024, DDoS attacks <a rel=\"noopener noreferrer\" target=\"_blank\" href=https://proton.me/"https://www.luxtimes.lu/luxembourg/luxembourg-government-websites-targeted-again-in-cyberattack/9988640.html/">repeatedly disrupted websites for the ministries of finance and justice(new window)</a>, the official statistics agency, and the national health fund."],"font":[0,"sans"],"columns":[0]}],"bullet_points":[1,[]],"buttons":[1,[]],"note":[0],"aside":[0],"media":[0]}],[0,{"header_graphic":[0],"tags":[1,[]],"title":[0,{"content":[0,"Spanish Parliament: Fewest leaks by far"],"level":[0,"h3"],"font":[0,"serif"],"size":[1,[[0,{"font":[0,"xl"],"screen":[0]}]]],"weight":[0,null]}],"text":[0,{"content":[0,"Spanish Parliament has by far the fewest politician's with exposed official email addresses. Only 6% of Spanish politicians had their email appear on the dark web — the Italian Parliament is the next lowest with 15%. Even more impressive, we found only nine passwords in plaintext linked to Spanish politicians. Past attacksIn 2022, <a rel=\"noopener noreferrer\" target=\"_blank\" href=https://proton.me/"https://www.theguardian.com/world/2022/apr/18/catalan-leaders-targeted-using-nso-spyware-say-cybersecurity-experts/">Pegaus spyware(new window)</a> was found on the devices of 63 individuals involved in the Catalan independence movement and the Spanish Prime Minister."],"font":[0,"sans"],"columns":[0]}],"bullet_points":[1,[]],"buttons":[1,[]],"note":[0],"aside":[0],"media":[0,{"provider":[0,"strapi"],"mime":[0,"image/png"],"src":[0,"https://delicate-books-39fa188272.media.strapiapp.com/spanish_parliament_mobile_433891544f.png"],"width":[0,776],"height":[0,744],"alt":[0,""],"objectFit":[0,"contain"],"objectPosition":[0,"center"],"md":[0,{"mime":[0,"image/png"],"provider":[0,"strapi"],"src":[0,"https://delicate-books-39fa188272.media.strapiapp.com/spanish_parliament_291977a9de.png"],"width":[0,1328],"height":[0,1098],"alt":[0,""],"objectFit":[0,"contain"],"objectPosition":[0,"center"]}]}]}]]],"section":[0,{"identifier":[0,null],"bgColor":[0,"white"],"bgImage":[0],"bgPadding":[0,{"top":[0,"12"],"bottom":[0,"12"]}],"containerBgColor":[0],"containerBgImage":[0],"containerBorderRadius":[0,"none"],"containerMaxWidth":[0,"8xl"],"containerPadding":[0,{"top":[0],"bottom":[0]}],"contentMaxWidth":[0,"full"],"contentAlignment":[0]}]}" ssr client="load" opts="{"name":"Carousel","value":true}" await-children>

German state parliaments: Three states fail cybersecurity

Overall, only 13% of German state politicians have their official email addresses exposed on the dark web, second lowest percentage we found. However, there are three states where at least half the politicians have exposed email addresses and other details: Sachsen-Anhalt, with 67%; Rheinland-Pfalz, with 51.1%, and Bremen, with 50%.

Past Attacks

In 2024, the Frankfurt University of Applied Sciences(new window) and Hochschule Kempten(new window) were forced to close due to cyberattacks, the Bavarian pharmaceutical giant AEP was hit by a ransomware attack(new window), and the Social Democratic(new window) party (SPD) was hacked.

Italian Parliament: Third fewest leaks

15% of Italian politicians have had their official email address exposed, the third lowest percentage of the institutions we looked at. They also only suffered a total of 402 email breaches. For comparison, the British Parliament, which has 650 MPs compared to Italy's 609, had a total of 2,110 breaches.

Past attacks

In May 2024, Russian affiliated hackers took down the websites of Prime Minister Giorgia Meloni(new window) and the Ministries of Infrastructure and Enterprise.

Luxembourgish Parliament: One politician had 20+ passwords exposed

We found 16% of Luxembourgish politicians' official email addresses on the dark web — but because Luxembourgish Parliament only has 60 members, this equals 10 exposed emails. However, one politician not only had their email address exposed, but also 29 passwords, all in plaintext.

Past attacks

In 2024, DDoS attacks repeatedly disrupted websites for the ministries of finance and justice(new window), the official statistics agency, and the national health fund.

Spanish Parliament: Fewest leaks by far

Spanish Parliament has by far the fewest politician's with exposed official email addresses. Only 6% of Spanish politicians had their email appear on the dark web — the Italian Parliament is the next lowest with 15%. Even more impressive, we found only nine passwords in plaintext linked to Spanish politicians.

Past attacks

In 2022, Pegaus spyware(new window) was found on the devices of 63 individuals involved in the Catalan independence movement and the Spanish Prime Minister.

phish dozens of senators(new window)</a> with text messages."],"font":[0,"sans"],"columns":[0]}],"bullet_points":[1,[]],"buttons":[1,[]],"note":[0],"aside":[0],"media":[0,{"provider":[0,"strapi"],"mime":[0,"image/png"],"src":[0,"https://delicate-books-39fa188272.media.strapiapp.com/us_political_staffers_mobile_e44c419232.png"],"width":[0,776],"height":[0,744],"alt":[0,""],"objectFit":[0,"contain"],"objectPosition":[0,"center"],"md":[0,{"mime":[0,"image/png"],"provider":[0,"strapi"],"src":[0,"https://delicate-books-39fa188272.media.strapiapp.com/us_political_staffers_1_798c79c7ac.png"],"width":[0,1536],"height":[0,1270],"alt":[0,""],"objectFit":[0,"contain"],"objectPosition":[0,"center"]}]}]}],[0,{"header_graphic":[0],"tags":[1,[]],"title":[0,{"content":[0,"French Parliament: Strong security – except for one lawmaker"],"level":[0,"h3"],"font":[0,"serif"],"size":[1,[[0,{"font":[0,"xl"],"screen":[0]}]]],"weight":[0,null]}],"text":[0,{"content":[0,"Only 18% of French politicians had their official emails exposed — but France is also home to the least secure lawmaker found in our survey. One politician's email appeared in 137 breaches, along with 133 passwords in plaintext. The Senate was hit hardest overall, with 33% of members exposed, compared to just 9% in the National Assembly.Past attacksIn November 2023, journalists discovered that a hacker stole the credentials for a French MP’s inbox and <a rel=\"noopener noreferrer\" target=\"_blank\" href=https://proton.me/"https://www.numerama.com/cyberguerre/1562144-la-boite-mail-dun-depute-francais-a-ete-vendue-pour-138e-sur-un-forum-de-hackers.html \">sold them on the dark web for $150(new window)</a>. "],"font":[0,"sans"],"columns":[0]}],"bullet_points":[1,[]],"buttons":[1,[]],"note":[0],"aside":[0],"media":[0,{"provider":[0,"strapi"],"mime":[0,"image/png"],"src":[0,"https://delicate-books-39fa188272.media.strapiapp.com/french_parliament_mobile_469b8b46ee.png"],"width":[0,776],"height":[0,744],"alt":[0,""],"objectFit":[0,"contain"],"objectPosition":[0,"center"],"md":[0,{"mime":[0,"image/png"],"provider":[0,"strapi"],"src":[0,"https://delicate-books-39fa188272.media.strapiapp.com/FR_ee59b9e31e.png"],"width":[0,1328],"height":[0,1098],"alt":[0,""],"objectFit":[0,"contain"],"objectPosition":[0,"center"]}]}]}],[0,{"header_graphic":[0],"tags":[1,[]],"title":[0,{"content":[0,"Dutch Parliament: Inconsistent cybersecurity"],"level":[0,"h3"],"font":[0,"serif"],"size":[1,[[0,{"font":[0,"xl"],"screen":[0]}]]],"weight":[0,null]}],"text":[0,{"content":[0,"While only 18% of Dutch politicians have exposed email addresses, the breaches are not evenly distributed between the two houses of parliament. Out of the 150 members of the Tweede Kamer (lower house), 36 had their emails exposed (24%). Comparatively, only five of the Eerste Kamer’s 75 members (around 7%) had their email addresses leaked. Past attacksIn September 2024, all 63,000 members of the Dutch police force had their <a rel=\"noopener noreferrer\" target=\"_blank\" href=https://proton.me/"https://apnews.com/article/netherlands-police-hack-cyberattack-foreign-government-dutch-ab5ec08bbd2bfcd2bae983ee33701fe2 \">work-related contacts illegally accessed(new window)</a> by a suspected state actor, and in February 2024, a breach exposed the <a rel=\"noopener noreferrer\" target=\"_blank\" href=https://proton.me/"https://www.reuters.com/technology/cybersecurity/china-cyber-spies-hacked-computers-dutch-defence-ministry-report-2024-02-06//">Dutch military’s network to Chinese hackers(new window)</a>."],"font":[0,"sans"],"columns":[0]}],"bullet_points":[1,[]],"buttons":[1,[]],"note":[0],"aside":[0],"media":[0,{"provider":[0,"strapi"],"mime":[0,"image/png"],"src":[0,"https://delicate-books-39fa188272.media.strapiapp.com/dutch_parliament_mobile_f4a66909d9.png"],"width":[0,776],"height":[0,744],"alt":[0,""],"objectFit":[0,"contain"],"objectPosition":[0,"center"],"md":[0,{"mime":[0,"image/png"],"provider":[0,"strapi"],"src":[0,"https://delicate-books-39fa188272.media.strapiapp.com/NL_879837c54e.png"],"width":[0,1328],"height":[0,1098],"alt":[0,""],"objectFit":[0,"contain"],"objectPosition":[0,"center"]}]}]}],[0,{"header_graphic":[0],"tags":[1,[]],"title":[0,{"content":[0,"Austrian National Council: 1 in 4 politicians exposed "],"level":[0,"h3"],"font":[0,"serif"],"weight":[0,null]}],"text":[0,{"content":[0,"45 of the 183 members of the Austrian National Council had their official government email addresses or email addresses listed as their official government contact exposed on the dark web. These leaked addresses appeared in 255 separate breaches, along with 48 exposed passwords — 39 of which were in plaintext. The exposure rate of Austrian politicians (roughly 25%) matches the average of all the countries we've analyzed so far. Past attacksAustria has suffered multiple sophisticated cyberattacks in 2025. In January, its <a rel=\"noopener noreferrer\" target=\"_blank\" href=https://proton.me/"https://securityaffairs.com/97879/intelligence/austrias-foreign-ministry-attack.html/">foreign ministry suffered a serious attack(new window)</a>, and in September, <a rel=\"noopener noreferrer\" target=\"_blank\" href=https://proton.me/"https://www.intelligentcio.com/eu/2025/09/04/austrias-ministry-of-interior-launches-investigation-after-100-government-emails-are-hacked//">100 email accounts in its interior ministry(new window)</a> were breached. Both attacks are suspected to have been carried out by state actors. "],"font":[0,"sans"],"columns":[0,1]}],"bullet_points":[1,[]],"buttons":[1,[]],"note":[0],"aside":[0],"media":[0,{"provider":[0,"strapi"],"mime":[0,"image/png"],"src":[0,"https://delicate-books-39fa188272.media.strapiapp.com/Austria_mob_1bd3a2540a.png"],"width":[0,776],"height":[0,642],"alt":[0,""],"objectFit":[0,"contain"],"objectPosition":[0,"center"],"md":[0,{"mime":[0,"image/png"],"provider":[0,"strapi"],"src":[0,"https://delicate-books-39fa188272.media.strapiapp.com/Austria_3e8ec1ffa6.png"],"width":[0,1328],"height":[0,1098],"alt":[0,""],"objectFit":[0,"contain"],"objectPosition":[0,"center"]}]}]}]]],"section":[0,{"identifier":[0,null],"bgColor":[0,"white"],"bgImage":[0],"bgPadding":[0,{"top":[0,"12"],"bottom":[0,"24"]}],"containerBgColor":[0],"containerBgImage":[0],"containerBorderRadius":[0,"none"],"containerMaxWidth":[0,"8xl"],"containerPadding":[0,{"top":[0],"bottom":[0]}],"contentMaxWidth":[0,"full"],"contentAlignment":[0]}]}" ssr client="load" opts="{"name":"Carousel","value":true}" await-children>

US political staffers: A major risk

20% of US political staffers had exposed government-assigned email addresses, the fourth highest percentage we've found. (However, the percentage of politicians with exposed emails in Denmark, which is in third, is twice as high.) We looked at US political staffers because Congress members do not always publicly share their official email addresses. Roughly 10% of breached staffers had their details appear more than 10 times in databases on the dark web.

Past attacks

In 2024, an unknown attacker pretending to be Senate Majority Leader Chuck Schumer attempted to phish dozens of senators(new window) with text messages.

French Parliament: Strong security – except for one lawmaker

Only 18% of French politicians had their official emails exposed — but France is also home to the least secure lawmaker found in our survey. One politician's email appeared in 137 breaches, along with 133 passwords in plaintext. The Senate was hit hardest overall, with 33% of members exposed, compared to just 9% in the National Assembly.

Past attacks

In November 2023, journalists discovered that a hacker stole the credentials for a French MP’s inbox and sold them on the dark web for $150(new window).

Dutch Parliament: Inconsistent cybersecurity

While only 18% of Dutch politicians have exposed email addresses, the breaches are not evenly distributed between the two houses of parliament. Out of the 150 members of the Tweede Kamer (lower house), 36 had their emails exposed (24%). Comparatively, only five of the Eerste Kamer’s 75 members (around 7%) had their email addresses leaked.

Past attacks

In September 2024, all 63,000 members of the Dutch police force had their work-related contacts illegally accessed(new window) by a suspected state actor, and in February 2024, a breach exposed the Dutch military’s network to Chinese hackers(new window).

Austrian National Council: 1 in 4 politicians exposed

45 of the 183 members of the Austrian National Council had their official government email addresses or email addresses listed as their official government contact exposed on the dark web. These leaked addresses appeared in 255 separate breaches, along with 48 exposed passwords — 39 of which were in plaintext. The exposure rate of Austrian politicians (roughly 25%) matches the average of all the countries we've analyzed so far.

Past attacks

Austria has suffered multiple sophisticated cyberattacks in 2025. In January, its foreign ministry suffered a serious attack(new window), and in September, 100 email accounts in its interior ministry(new window) were breached. Both attacks are suspected to have been carried out by state actors.

Why this matters

It's important to note that these leaks aren't proof of government network hacks. These email addresses were exposed by breaches at services like LinkedIn, Dropbox, Adobe, and others.

Still, when a politician or staffer's email address is exposed, it's more than just an inconvenience — it's a signal to attackers that this is a high-value target.

Politicians with exposed accounts using their official email address are at more risk of:

Phishing: Attackers can craft targeted social engineering attacks using leaked personal details or data from vulnerable accounts.
Blackmail: Attackers can leverage sensitive or personal information for coercion.
Account takeovers: If officials reused exposed passwords, attackers could infiltrate government systems.

How Proton Pass protects you

Hide-my-email aliases: Use unique email aliases instead of exposing your real email addres
Secure password manager: Generate and store strong, unique passwords for every account
Passkey support: Future-proof login security with phishing-resistant passkeys
Built-in 2FA code generator: Store your credentials and 2FA codes in one encrypted vault
Dark Web Monitoring: Get alerts if your Proton email addresses or aliases appear in data leaks
Proton Sentinel: Proactively defend your Proton Account from takeover attempts

Take control of your security

Ready to protect yourself?

Stop reusing passwords
Never use your professional email address for everyday accounts
Use aliases to keep your real email address hidden
Let Dark Web Monitoring alert you of breaches

Get Proton Pass Plus

Leaked: Politicians’ emails and passwords on the dark web

Over 4,300 government officials in Europe and the US have had their official email addresses — and even passwords — exposed on the dark web.

How widespread is the problem?

Key highlights from the data

UK House of Commons: Most exposed

Danish Parliament: Most repeat exposures

European Parliament: Widespread leaks

Swiss federal politicians: Few breaches (but some are embarrassing)

Canada's House of Commons: 2nd most exposed national parliament

German state parliaments: Three states fail cybersecurity

Italian Parliament: Third fewest leaks

Luxembourgish Parliament: One politician had 20+ passwords exposed

Spanish Parliament: Fewest leaks by far

US political staffers: A major risk

French Parliament: Strong security – except for one lawmaker

Dutch Parliament: Inconsistent cybersecurity

Austrian National Council: 1 in 4 politicians exposed

Why this matters

How Proton Pass protects you

Take control of your security

Leaked: Politicians’ emails and
passwords on the dark web