Thousands of British email addresses and encrypted passwords, including those of defence, intelligence and police officials as well as politicians and Nato advisers, have been revealed on the internet following a security breach by hackers.

Among the huge database of private information exposed by self-styled “hacktivists” are the details of 221 British military officials and 242 Nato staff. Civil servants working at the heart of the UK government – including several in the Cabinet Office as well as advisers to the Joint Intelligence Organisation that acts as the prime minister’s eyes and ears on sensitive information – have also been exposed.

The exposure of the database came after hackers – who are believed to be part of the Anonymous group – gained unauthorised access over Christmas to the account information of Stratfor, a consultancy based in Texas that specialises in foreign affairs and security issues. The database had recorded in spreadsheets the user IDs – usually email addresses – and encrypted passwords of about 850,000 individuals who had subscribed to Stratfor’s website.

Some 75,000 paying subscribers also had their credit card numbers and addresses exposed, including 462 British accounts.

John Bumgarner, an expert in cyber-security at US Cyber Consequences Unit, a research body in Washington, has carried out an analysis of the Stratfor breach on behalf of the Guardian. He has identified within the data posted by the hackers the details of hundreds of UK government officials, some of whom work in highly sensitive areas. Many of the email addresses listed are not routinely made public, and the passwords are all encrypted in code that can quickly and easily be cracked using off-the-shelf software.

Among the leaked email addresses are 221 Ministry of Defence officials identified by Bumgarner, including army and air force personnel. The breach echoes a much larger group of military personnel contained in the database from the US armed forces, where some 19,000 email addresses ending in the .mil domain for the US military were posted.

In the US case, Bumgarner has found, 173 individuals deployed in Afghanistan and 170 in Iraq can be identified. Personal data from the former vice-president Dan Quayle and Henry Kissinger, former secretary of state, were also released.

Other UK government departments have been affected: seven officials in the Cabinet Office have had their details exposed, 45 Foreign Office officials, 14 from the Home Office , 67 Scotland Yard and other police officials, and two employees with the royal household.

There are also 23 people listed who work in the houses of parliament, including Jeremy Corbyn, Labour MP for Islington North, Lady Nicholson and Lord Roper. Corbyn said that he had been unaware of the breach, adding that, although his email address was very public, he was disturbed by the idea that his password could be cracked and used to delete or write emails in a way that “could be very damaging”.

Nicholson, speaking on a phone from Irbil in Iraq, said that she too had no idea that her personal information had been hacked. As a politician, she said, she was used to her privacy being sacrificed and she “rolled with the punches”.

But she was very unhappy that private individuals had had their fundamental right to privacy violated. “To expose civil servants is monstrously unfair,” she said. “Officials in sensitive areas like defence and the military could even be exposed to threats. Guarding data like this is extremely difficult, but it’s not impossible, and we should do a great deal more.”

The hacking into Stratfor has had a big impact because the consultancy offers expert analysis of international affairs, including security issues, and attracts subscribers from sensitive government departments. The British victims include officials with the Joint Intelligence Organisation (JIO) responsible for assessing intelligence from all sources, including MI6 secret agents.

A former deputy head of Whitehall’s strategic horizons unit is listed. The unit is part of the JIO based in the Cabinet Office and was set up four years ago to give early warning of potential serious problems that might have an impact on the country’s security or environment.

Other email addresses point to employees of the Defence Intelligence and Security Centre, a UK agency responsible for training all military personnel in intelligence, security and information support. Among the civil servants listed are a political adviser in the British embassy in Azerbaijan, an adviser to the House of Commons defence committee and an official serving the parliamentary intelligence and security committee.

The extent of the security risk posed by the breach is not known. Bumgarner said that officials who did not take extra precautions in securing passwords through dual authentication or other protection systems could find email and other databases they used being compromised. “Any foreign intelligence service targeting Britain could find these emails useful in identifying individuals connected to sensitive government activities,” he said.

British officials, speaking on condition of anonymity, said they were aware of the hacking, but that it did not pose a risk to national security. Passwords for their communications within Whitehall would be different from any of those used to access the Stratfor sites. Whitehall communications would also be protected by extra security walls, officials said.

However, they added that their personal communications could be at risk if individuals used the same password as they used to access Stratfor for their bank accounts and other personal communications.

Unusually, Whitehall spokesmen declined to comment at all on the record about the hacking and any impact it had on the British government. This suggests that the issue is particularly sensitive and that UK security and intelligence agencies are as yet unsure about its full significance.

Stratfor has removed its website from the internet while it investigates the security breach. The company says it is “working diligently to prevent it from ever happening again”.

This is just the latest action to hit the headlines by hackers associated with Anonymous. The group, whose loose collection of members are scattered around the world and linked through internet chatrooms, has previously targeted Visa, MasterCard and PayPal in protest at the companies’ refusal to accept donations for the whistleblowing website WikiLeaks.

Suspected members of the collective have been arrested in the UK, US and several other countries.