There was a swift reaction after Luxembourg's culture radio station 100,7 pointed out a potential security threat to the Chamber of Deputies' website.
In a press release, the chamber confirmed a security issue on its webpages "chamber.lu" and "chd.lu", apparently the result of someone having mistakenly deleted something during the site maintenance process.
This error reopened a known weak spot which had been closed years earlier.
Even though the chamber's IT staff reacted quickly to the security threat, they were not fast enough. In a statement, it stated that an outside intrusion had taken place. However, IT managed to stop the intrusion and then closed the loophole in the system.
Even though the documents accessed were not sensitive, they were internal administrative documents that were not open to the public.
100,7 had informed the chamber about the potential security risk. The station's research had showed that editing weblinks allowed for confidential material to be accessed with a standard web browser.
The radio station said that potentially thousands of documents could have been leaked, such as "provisional reports from the secret service control commission, budgetary increases accorded to SREL [the Luxembourg intelligence agency] and internal notes preparing for the arrival of foreign dignitaries."
Apart from these confidential documents, the leak also violated chamber employees' privacy. 100,7 reported that "personnel matters" had also been exposed.
Chamber president Mars Di Bartolomeo thanked the radio station for highlighting the flaw in their online security system. He applauded the journalists for their discovery, emphasising that the radio station's intrusion had not been "malicious", but necessary to expose flaws in the chamber's security system.
Di Bartolomeo promised to do everything in his power to avoid issues such as these in the future.