The leaked data originated from several platforms, including social media, dating apps, and adult websites, where some staffers had reportedly used their official government email addresses.
A recent cyberattack targeting the U.S. Capitol resulted in the personal information of over 3,000 congressional staffers being leaked onto the dark web, according to the Washington Times.
The security breach, discovered by the Swiss firm Proton in collaboration with the U.S.-based Constella Intelligence, revealed that around 1,800 passwords belonging to Capitol Hill staffers were compromised. This represents nearly one in five staffers.
The leaked data originated from several platforms, including social media, dating apps, and adult websites, where some staffers had reportedly used their official government email addresses.
“Many of these leaks likely occurred because staffers used their original email addresses to sign up for various services, including high-risk sites such as dating and adult websites,” Proton said in a statement. “The practice significantly increases the chances of a data breach.”
In one extreme case, a staffer had 31 passwords exposed.
“The volume of exposed accounts is alarming,” said Eamonn Maguire, Proton’s head of Account Security. “These leaks are not just a privacy concern but pose real risks to personal and national security. Government institutions need to enforce stringent practices to mitigate these threats.”
The investigation highlights the broader risks posed by weak cybersecurity practices, as staffers’ use of official emails for personal accounts made them particularly vulnerable to breaches on these platforms. The leaked information could lead to severe consequences, such as identity theft, financial fraud, or even risks to national security.
Proton has contacted the affected individuals to notify them of the leaks and is expected to release additional findings soon to ensure the integrity of upcoming elections.
The data breach on Capitol Hill comes amid investigations into alleged Iranian hackers posing a cybersecurity threat. Reports from both the Trump-Vance campaign and the Harris-Walz campaign show that Iranian influences have attempted phishing scams on both candidates.
This piece first appeared at TPUSA.