Cyber Incident Victim: Manchester
Date:
Apr 2025
Location:
United Kingdom
Summary
Lucy Powell's X account was compromisedand used to post promotional content for a newly created House of Commons‑themed cryptocurrency, which was later removed after her office confirmed the breach and secured the account. The incident follows a pattern of similar attacks on high‑profile accounts, including that of BBC journalist Nick Robinson, where attackers employ phishing or leaked credentials to launch pump‑and‑dump schemes; in this case the fraudulent token saw only a few dozen trades yielding a modest profit before being taken down. Action Fraud advised setting up two‑step verification and using strong, unique passwords.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
Minister Lucy Powell’s X account was compromised on Tuesday morning, as confirmed by her office, and a series of posts were published promoting a cryptocurrency labelled "$HCC" that was described as a community‑driven digital currency bringing people’s power to the blockchain. The posts included an image of the House of Commons logo and were later deleted after the breach was detected. Her office stated that steps were taken quickly to secure the account and remove the misleading content. The account, which is verified and notes her cabinet position in the bio, has nearly 70,000 followers and belongs to the MP for Manchester Central.
Lucy Powell has served as leader of the House of Commons since Labour won power the previous summer, a role that involves planning and supervising the government’s legislative programme while upholding the rights of backbench MPs. The hijacking of her account followed a pattern observed in other high‑profile cases, including the earlier hack of BBC journalist Nick Robinson’s X account, which was used to promote a "$Today" cryptocurrency after he clicked on a deceptive email purporting to be from the platform. Cyber criminals often gain control of such accounts through phishing emails or by exploiting passwords obtained from data breaches, then rapidly create and launch low‑effort crypto coins to exploit the trust associated with the compromised profiles. In this instance, the "$HCC" coin was characterised by Luke Nolan of CoinShares as a pump‑and‑dump scheme, whereby the creators inflate the coin’s value, attract investment, sell their holdings for profit, and leave the asset worthless. The coin saw only 34 transactions, resulting in an estimated profit of about £225 before the activity was curtailed.
A House of Commons spokesman affirmed that UK Parliament treats cyber security with utmost seriousness, providing general advice to members about digital safety while refraining from commenting on specific policy details. Action Fraud reported a rise in social and email account compromises in 2024, logging 35,343 incidents and recommending the use of two‑step verification and strong, unique passwords composed of three random words. These statements reflect the official response and the broader context of the incident without introducing speculation or prescriptive guidance.