In the latest installment of our investigation into politicians’ cybersecurity practices, we found the official government email addresses of 44 Swiss politicians for sale on the dark web, roughly 16% of the 277 emails we searched. Constella Intelligence(nouvelle fenêtre) helped us compile this information.

See if your government officials have data on the dark web

Sharp-eyed readers might wonder why we searched for 277 email addresses if there are only 253 politicians between the Council of States, Federal Council, and National Council. The explanation is some politicians publicly share another email address along with their official government one. In these cases, we searched for both.

Since these email addresses are all publicly available, it’s not an issue that they’re on the dark web. However, it is an issue that they appear in data breaches, meaning Swiss politicians violated cybersecurity best practices and used their official emails to create accounts with services like Dropbox, LinkedIn, and Adobe, although there is evidence some Swiss politicians used their government email address to sign up for adult and dating platforms.

We’re not sharing identifying information for obvious reasons, and we notified every affected politician before we published this article.

Politicians put data, accounts at risk

We also found troves of personal information, including birthdates, home addresses, phone numbers, and more. Using their government email address, attackers can easily link this information to the politicians themselves, putting them at increased risk of phishing or blackmail.

We also found 78 exposed passwords linked to these emails, including 58 in plaintext. If these politicians don’t use two-factor authentication, that means there are at least 58 accounts linked to Swiss government officials that attackers could take over — and even more if they reuse passwords.

Switzerland is already a target of hackers

Swiss politicians performed roughly as well as their European colleagues, having few fewer elected officials with exposed information than the UK (68%), the European Parliament (41%), and France (18%), and only slightly more than Italy (15%).

It should be noted that even a single compromised account could have significant ramifications on national security. And this isn’t a hypothetical. The Swiss government is actively being targeted on a regular basis. In 2025, hackers used DDoS attacks(nouvelle fenêtre) to knock the Swiss Federal Administration’s telephones, websites, and services offline. In 2024, Switzerland’s National Cyber Security Center published a report stating the Play ransomware group stole 65,000 government documents(nouvelle fenêtre) containing classified information from a government provider.

How we can all be more secure online

Your email address is your digital ID, linked to nearly every online account you create. If you use the same email for all your accounts, they can be linked together along with their data. And if that email address is personally identifiable — or worse, linked to a government office — attackers can easily create convincing phishing attacks.

The lesson to take away is to limit how much personal information you reveal. Public officials should never use their government email addresses for third-party services. This ties their personal and potentially sensitive online activity to a high-value identity target, making them easy to target. Breaches happen regularly, and once your information is leaked, the only defense is to change your accounts and stay alert for phishing attempts.

Here are a few steps everyone, but especially public figures, can take to protect themselves:

  • Use email aliases: Aliases mask your real email address. You can create a unique alias for every account, and delete any alias that’s exposed in a breach without disrupting your other accounts.
  • Use a password manager: A password manager helps you generate and store strong, unique passwords for each account. It also gives you secure ways to share credentials, so you never need to write them down or share them insecurely.
  • Enable dark web monitoring: Dark web monitoring can alert you if your information appears on illegal marketplaces, giving you the change to take action before it’s exploited.

Proton Pass is a simple solution that provides all of these services. If you choose our Pass Plus plan, you get:

Protect your email address, your accounts (and, if you’re a politician, national secrets) by signing up for a Pass Plus plan today.