Before you can apply for a job at the European Parliament, you have to register on its recruitment platform PEOPLE. There, applicants provide the institution with heaps of personal data. This includes ID cards and passports, residence and education documents, and also sensitive data such as criminal record extracts and marriage certificates that can reveal your sexual orientation. This makes it all the more important that the EU Parliament takes appropriate security precautions to protect this data from being accessed by third parties.
On 26 April 2024, the EU Parliament informed the European Data Protection Supervisor (EDPS) of a massive data breach in PEOPLE, affecting more than 8,000 current and former employees. It is still unclear when and how the data breach actually occurred, but those affected have been told that every single document they uploaded to PEOPLE has been compromised. On 31 May, the Parliament advised the people concerned to replace their IDs and passports as a precautionary measure and offered to reimburse them for the costs. At the time of filing this complaint, it is still unclear how long the attackers were able to access the personal data of the applicants.
The EU parliament IT services seem to be a huge mess in general.
Remember the discussions about the EU having their own Fediverse servers? One would think the EU Parliarment would be the perfect institution to host that? Well, every time that suggestion came up the people in-the-know politely declined…