Skip To Content

    A "Malicious Hack" Accessing MPs' Phone And Email Contacts Is Being Investigated By Parliament

    Exclusive: "I've been hacked," one member of the government confirmed.

    Parliamentary authorities are investigating after MPs were targeted by an attempt to hack into their email and phone contact lists on Monday, BuzzFeed News has learned.

    In an email to MPs, deputy chief whip Christopher Pincher warned colleagues to ignore text messages and emails asking them to "provide overseas contact details" or to "download a secure message app".

    Pincher told them: "This is a malicious hack that accesses your contacts list and sends texts and emails to all your private contacts." He said the Parliamentary Digital Service, which advises MPs on security, had been informed.

    Concerns were raised after at least one Tory MP was caught out by the apparent phishing attempt.

    Dozens of MPs were added to a WhatsApp group named "Hack warning 1" on Monday afternoon by the personal mobile phone number of government whip Mike Freer.

    Startled MPs, including several cabinet ministers, immediately left the group en masse, before Freer's number was also removed. BuzzFeed has obscured the phone numbers of the MPs in the group.

    The MP told friends on Facebook that he had been hacked and that they should ignore "any email suggesting [he] need[s] overseas contacts for a government payment". One recipient of an email purportedly from Freer said it asked for contacts in China.

    Freer told BuzzFeed News: "Parliamentary authorities are currently investigating." He declined to answer any other questions.

    A parliamentary spokesperson said they would not be commenting.

    In 2017, Iran was blamed for a cyberattack on the email accounts of dozens of MPs. The “sustained and determined” hacking attempt reportedly compromised the accounts of around 90 MPs and parliamentary staffers.

    It is not yet clear how many MPs' contact details have been compromised this time round, or who is responsible for the apparent hacking attempt.