The European Parliament (EP) was hit by a man-in-the-middle attack that sought to gather data on communications between smartphones and public WiFi used in the organisation, it has been revealed.
A notice posted online showed an email to staff confirming that some of them had been affected by the incident and that the public WiFi service would be turned off as a precautionary measure for the time being.
“The Parliament has been subject for a man-in-the-middle attack, where a hacker has captured the communication between private smartphones and the public WiFi of the Parliament (EP-EXT Network),” the note read.
“Some individual mailboxes have been compromised. All concerned users have already been contacted and asked to change their password.
“As a precaution, the Parliament has therefore decided to switch off the public WiFi network until further notice, and we invite you to contact the ITEC Service Desk [IT Desk] in order to install an EP software certificate on all the devices that you use to access the EP IT systems (email, etc).”
Staff were also advised to change their passwords and to avoid using unknown public WiFi in other destinations such as train stations or airports.
"On the medium term the Parliament will take additional measures to further secure the communication to the Parliament,” it added.
The EP confirmed to V3 that the public WiFi network was still down at present: "Because of this incident, Parliament has decided to close the public WiFi network until further notice," a spokesperson said.
The incident underlines the growing issues affecting public WiFi services and the security risks they pose. Many high street stores are starting to offer free WiFi services in order to meet customers' needs and try to allow them to access more content about products on their devices.
Dan Worth is the news editor for V3 having first joined the site as a reporter in November 2009. He specialises in a raft of areas including fixed and mobile telecoms, data protection, social media and government IT. Before joining V3 Dan covered communications technology, data handling and resilience in the emergency services sector on the BAPCO Journal.