UK MPs and parliamentary staff were sent nearly 21 million spam emails in the last financial year, according to a new Freedom of Information (FOI) request.
Cloud hosting company Nimbus Hosting submitted the request to the Parliamentary Estate, which manages the land and buildings used by the House of Parliament.
It revealed that 20,973,102 malicious or unsolicited emails were blocked between April 2018 and March 2019.
Its records for the previous year are incomplete: however, in just half a year, the figure stood at 14.3 million spam emails blocked. This would suggest that in the past financial year fewer spam emails may have been sent than in the previous 12 months, or the effectiveness of systems to spot and block them are declining.
The emails are said to include the full gamut of potentially malicious activity, including phishing attempts, malicious links and attachments, and other tactics.
However, the Parliamentary Estate refused to provide a full breakdown of the findings.
“This level of detail would reveal information about our security operations and network set-up which would be useful to potential cyber-attackers, and as such disclosure of the information would have the effect of increasing the vulnerability of the parliamentary security systems,” it claimed.
It goes without saying that the UK parliament is a major target for spam. In June 2017, around 1% of parliamentary email accounts were cracked open by suspected Iranian state-sponsored hackers. It is suspected they brute-forced or guessed the log-ins.
Those attackers then launched a vishing campaign in the aftermath in an attempt to trick users into handing over their passwords over the phone.
Spam can come from unusual places: in 2016 the Speaker John Bercow was forced to intervene after MPs complained of being bombarded by emails from Donald Trump’s election team.
Bercow described it as an “exceptionally tedious experience.”
Nimbus Hosting managing director, Tim Dunton, argued that email security is more important than ever considering the exceptional circumstances surrounding the current sitting of parliament. Prime Minister Boris Johnson recently signaled his intent to suspend parliament for five weeks in an attempt to force through a No Deal departure from the EU.
“With an increasingly complex Brexit process, it’s critical that all MPs remain vigilant and protect themselves from spam emails, which hackers use to dupe unsuspecting victims into handing over confidential information,” he added.
“Many of these messages contain viruses which could infect the IT systems of individuals or put the security of the wider parliamentary network at risk.”