Houses of Parliament spokesman on Sunday said that less than 90 email accounts belonging to the peers and the MPs are believed to have been hacked by an orchestrated cyber-attack.
The hackers targeted the parliament on Friday in an attack that required gaining access to accounts protected by weak passwords.
Reportedly, the MPs said that they were unable to access their emails after the attack began and cited blackmail as a possible motive.
The parliamentary spokesman said that the authorities had found that less than one percent of parliament’s 9,000 email addresses had been compromised.
The estate’s digital services team said that they had made possible changes to the accounts to block out the hackers.
Those whose emails were compromised had used weak passwords despite advice to the contrary, the parliamentary spokesman said.
“Investigations are ongoing, but it has become clear that significantly less than 1% of the 9,000 accounts on the parliamentary network have been compromised as a result of the use of weak passwords that did not conform to guidance issued by the Parliamentary Digital Service.
“As they are identified, the individuals whose accounts have been compromised have been contacted and investigations to determine whether any data has been lost are under way,” he said.
Tory MP Andrew Bridgen said such an attack “absolutely” could leave some people open to blackmail. “Constituents want to know the information they send to us is completely secure,” he said.
An email sent to all those affected, seen by the Guardian, said: “Earlier this morning, we discovered unusual activity and evidence of an attempted cyber-attack on our computer network. Closer investigation by our team confirmed that hackers were carrying out a sustained and determined attack on all parliamentary user accounts in an attempt to identify weak passwords.
“These attempts specifically were trying to gain access to our emails. We have been working closely with the National Cyber Security Centre to identify the method of the attack and have made changes to prevent the attackers gaining access, however, our investigation continues.”
The changes are supposed to have stopped MPs and their offices from accessing emails on mobile phones and tablets outside Westminster.