Canada’s Parliament Suffers Data Breach

Canada's cyber security agency is investigating a significant data breach at the national parliament caused by an unknown threat actor targeting employee information.

The Canadian House of Commons has informed employees of an information breach, and the Commons said that a malicious hacker was able to exploit a known Microsoft vulnerability to get access to a database that contains data used to manage computers and mobile devices.

The unknown attackers have used an exploit known as CVE-2025-53770 to breach numerous other organisations, including the US National Nuclear Security Administration, the US Department of Education, Florida's Department of Revenue, the Rhode Island General Assembly, as well as government networks in Europe and the Middle East.

The CVE-2025-53786 exploit is a high-severity Microsoft Exchange flaw, which allows attackers to move laterally in Microsoft cloud environments, one so serious that the US Cybersecurity and Infrastructure Security Agency (CISA) has issued an emergency directive.

Some of the information obtained by the hacker is not available to the Canadian public, including employees' names, job titles, office locations and email addresses, as well as information regarding their House of Commons-managed computers and mobile devices. At present, there is no concrete information on how many employees have been affected by the breach, although the House of Commons is carrying out an investigation. A recent email to staff warned them to be on the lookout for scammers using the stolen data for phishing attempts.

Canada's Communications Security Establishment (CSE) said it is aware of the incident and is working with the House of Commons to provide support, but could not confirm who was behind the attack.

The CSE defines a threat actor as a group or individual that aims "with malicious intent" to "gain unauthorised access to or otherwise affect victims' data, devices, systems and networks." A recent threat report from the CSE found that adversarial nations, including the People's Republic of China (PRC), Russia and Iran, are increasingly behind cyber threats to Canada. But the agency said it's too early to tell who, or what, was behind this breach.

"Attribution of a cyber incident is difficult. Investigating cyber threat activity takes resources and time, and there are many considerations involved in the process of attributing malicious cyber activity," said the CSE in a statement. It calls on employees and members of the House of Commons to be especially vigilant as information accessed during the breach could be used in scams, or to target and impersonate parliamentarians. 

The House of Commons said it was working with national security partners to investigate the matter, but would not disclose information, including how many employees are affected, citing the ongoing probe. 


CBC   |  Government of Canada   |   IT Pro   |   Bleeping Computer   |   CISA     |   Dig Watch     |   The Record
