Vienna (Austria):A non-profit on Thursday said it had lodged two complaints accusing the European Parliament of compromising employees' personal data as a result of a massive cyberattack earlier this year. The complaints were filed with the European Data Protection Supervisory by Noyb ("None of Your Business"), an organisation that has initiated several court proceedings over the enforcement of European data protection laws since 2018.
They follow a "massive data breach" that the European Parliament told its staff in May that it had suffered earlier in the year. The cyberattack affected the parliament's recruiting platform, which contained personal data of more than 8,000 staff, according to Noyb. "Parliament only found out about the breach months after it happened, and still doesn’t seem to know the cause", Noyb said in a statement announcing that it had lodged the complaints on behalf of four employees.
"This is particularly worrying as the Parliament has long been aware of vulnerabilities in its cybersecurity system", it said. The Vienna-based privacy campaign group has asked that the institution be fined over jeopardising its staff members' right to privacy. The breached files, which included marriage certificates, contained "specially protected sensitive data", such as employees' sexual orientation, religion, ethnicity and political views, according to Noyb.