Canada’s Parliament Suffers Data Breach

Canada's cyber security agency is investigating a significant data breach at the national parliament caused by an unknown threat actor targeting employee information.

The Canadian House of Commons has informed employees of an information breach, and the Commons said that a malicious hacker was able to exploit a known Microsoft vulnerability to gain access to a database that contains data used to manage computers and mobile devices.

The unknown attackers have used an exploit known as CVE-2025-53770 to breach numerous other organisations, including the US National Nuclear Security Administration, the US Department of Education, Florida's Department of Revenue, the Rhode Island General Assembly, as well as government networks in Europe and the Middle East.

The CVE-2025-53786 exploit is a high-severity Microsoft Exchange flaw, which allows attackers to move laterally in Microsoft cloud environments, one so serious that the US Cybersecurity and Infrastructure Security Agency (CISA) has issued an emergency directive.

Some of the information obtained by the hacker is not available to the Canadian public, including employees' names, job titles, office locations and email addresses, as well as information regarding their House of Commons-managed computers and mobile devices. At present, there is no concrete information on how many employees have been affected by the breach, although the House of Commons is carrying out an investigation. A recent email to staff warned them to be on the lookout for scammers using the stolen data for phishing attempts.

Canada's Communications Security Establishment (CSE) said it is aware of the incident and is working with the House of Commons to provide support, but could not confirm who was behind the attack.

The CSE defines a threat actor as a group or individual that aims "with malicious intent" to "gain unauthorised access to or otherwise affect victims' data, devices, systems and networks." A recent threat report from the CSE found that adversarial nations, including the People's Republic of China (PRC), Russia and Iran, are increasingly behind cyber threats to Canada. But the agency said it's too early to tell who, or what, was behind this breach.

"Attribution of a cyber incident is difficult. Investigating cyber threat activity takes resources and time, and there are many considerations involved in the process of attributing malicious cyber activity," said the CSE in a statement. It calls on employees and members of the House of Commons to be especially vigilant as information accessed during the breach could be used in scams, or to target and impersonate parliamentarians. 

The House of Commons said it was working with national security partners to investigate the matter, but would not disclose information, including how many employees are affected, citing the ongoing probe. 


CBC   |  Government of Canada   |   IT Pro   |   Bleeping Computer   |   CISA     |   Dig Watch     |   The Record
