Cyber Incident Victim: Northern Ireland Assembly
Date: Mar 2018
Location: United Kingdom
Summary
A cyber attack targeted the Northern Ireland Assembly's email service through external attempts to access mailboxes via repeated password attempts, leading to compromised accounts that were subsequently disabled. The Assembly instructed all staff and political parties to change passwords and remain vigilant, while its IT team collaborated with Microsoft and the National Cyber Security Centre to monitor and address the incident.
Description
In March 2018, the Northern Ireland Assembly at Stormont experienced a cyber attack targeting its email service. Assembly IT services identified unauthorized external attempts to access Assembly mailboxes through repeated password attempts, indicating a brute-force or credential-stuffing attack. Upon discovery, Stormont issued an internal warning to all staff and political parties using the email system, advising them of the breach. The attack compromised an unspecified number of email accounts, which were subsequently disabled by Stormont’s IT team to prevent further unauthorized access. The head of IT convened a meeting with staff on the morning of March 27 to address the incident, emphasizing the need for immediate password changes and heightened vigilance against suspicious activity.

Stormont’s IT department collaborated with Microsoft and the UK’s National Cyber Security Centre (NCSC) to monitor and mitigate the attack. No additional technical details about the attack vector, duration, or data exfiltration were disclosed in the available information. The primary confirmed impact was the temporary disabling of breached accounts, with no public reports of operational disruption beyond the email system. Staff were instructed to update their credentials as a containment measure, though the Assembly did not specify whether multi-factor authentication or other security enhancements were implemented. The incident underscored existing vulnerabilities in the Assembly’s authentication protocols but yielded no further public documentation regarding long-term consequences or attribution.
