The Conservative Party of Canada experienced a targeted data breach on November 17, exposing the financial records of 15 MPs, including high-profile members like Jamil Jivani and Billy Morin. The leaked documents—obtained from credit agency reports—contained sensitive details such as loans, mortgages, payment histories, and outstanding debts, originally submitted during nomination processes. The breach was executed via an email sent to party insiders by an anonymous actor using the alias *'Rory McTory'* (a placeholder name used internally by the party). The incident was reported to the Canadian Centre for Cyber Security and the RCMP, with the party vowing legal action against those responsible. The breach mirrors past security failures, including a 2020 leadership race data theft and a 2011 hack by LulzRaft, which exposed donor lists and published false information. No ransomware or broader systemic disruption was reported, but the leak risks reputational damage, financial exposure for affected MPs, and potential misuse of personal financial data by malicious actors.
Conservative Party of Canada cybersecurity rating report: https://www.rankiteo.com/company/conservative-party-of-canada
"id": "CON1302113112225",
"linkid": "conservative-party-of-canada",
"type": "Breach",
"date": "6/2011",
"severity": "60",
"impact": "3",
"explanation": "Attack with significant impact with internal employee data leaks"{'affected_entities': [{'industry': 'Government/Politics',
'location': 'Canada',
'name': 'Conservative Party of Canada',
'type': 'Political Party'},
{'industry': 'Government/Politics',
'location': 'Bowmanville–Oshawa North, Ontario, Canada',
'name': 'Jamil Jivani',
'type': 'Individual (MP)'},
{'industry': 'Government/Politics',
'name': 'Billy Morin',
'type': 'Individual (MP, Former Chief of Enoch Cree '
'Nation)'},
{'industry': 'Government/Politics',
'location': 'Various ridings across Canada',
'name': '13 other unnamed Conservative MPs',
'type': 'Individuals (MPs)'}],
'attack_vector': ['Insider Threat (alleged)',
'Phishing/Spoofing (possible)',
'E-mail Compromise'],
'data_breach': {'data_exfiltration': ['E-mailed to party insiders'],
'file_types_exposed': ['Credit agency reports (likely PDFs or '
'documents)'],
'number_of_records_exposed': '15 (one per affected MP)',
'personally_identifiable_information': ['Names',
'Financial account '
'details',
'Payment behaviors',
'Potential addresses '
'(via credit '
'reports)'],
'sensitivity_of_data': 'High (financial and personally '
'identifiable information)',
'type_of_data_compromised': ['Financial records',
'Credit reports',
'Loan/mortgage details',
'Payment histories']},
'date_detected': '2023-11-20',
'date_publicly_disclosed': '2023-11-20',
'description': 'The Conservative Party of Canada is investigating a data '
'breach involving the financial records of 15 of its MPs. The '
'breach exposed documents detailing the individuals’ financial '
'histories, including loans, mortgages, payment histories, and '
'other sensitive financial information. The data was allegedly '
'e-mailed to party insiders by an individual using the '
"pseudonym 'Rory McTory,' a placeholder name previously used "
'internally by the party. The breach was reported to the '
'Canadian Centre for Cyber Security and the RCMP. The affected '
'MPs include high-profile figures such as Jamil Jivani and '
'Billy Morin, most of whom were elected for the first time in '
'April 2023. The records were credit agency reports submitted '
"during the MPs' nomination processes.",
'impact': {'brand_reputation_impact': ['High (political party and affected '
'MPs)',
'Public scrutiny',
'Media coverage'],
'data_compromised': ['Financial records (loans, mortgages, payment '
'histories)',
'Credit agency reports'],
'identity_theft_risk': ['High (financial data exposed)',
'Risk of fraud or impersonation'],
'legal_liabilities': ['Potential violations of privacy laws (e.g., '
'PIPEDA)',
'Possible lawsuits from affected MPs'],
'operational_impact': ['Investigation ongoing',
'Reputation damage',
'Trust erosion among MPs and party members'],
'payment_information_risk': ['Indirect (payment histories '
'exposed)']},
'initial_access_broker': {'entry_point': ['E-mail compromise',
'Insider access (alleged)'],
'high_value_targets': ['Financial records of MPs']},
'investigation_status': 'Ongoing (RCMP and Canadian Centre for Cyber Security '
'involved)',
'motivation': ['Unknown', 'Potential Political or Financial Gain', 'Sabotage'],
'references': [{'date_accessed': '2023-11-20', 'source': 'The Globe and Mail'},
{'date_accessed': '2023-11-20',
'source': 'Conservative Party of Canada (statement via Sarah '
'Fischer)'}],
'regulatory_compliance': {'legal_actions': ['Investigation by RCMP',
'Potential legal action against '
'perpetrator(s)'],
'regulations_violated': ['Potential violation of '
'Canada’s Personal '
'Information Protection '
'and Electronic Documents '
'Act (PIPEDA)'],
'regulatory_notifications': ['Canadian Centre for '
'Cyber Security '
'notified']},
'response': {'communication_strategy': ['Public statement via spokesperson '
'(Sarah Fischer)',
'Media engagement (e.g., The Globe '
'and Mail)'],
'containment_measures': ['Investigation launched',
'Communication with affected MPs'],
'incident_response_plan_activated': True,
'law_enforcement_notified': ['Royal Canadian Mounted Police '
'(RCMP)'],
'third_party_assistance': ['Canadian Centre for Cyber Security']},
'stakeholder_advisories': ['Direct communication with affected MPs'],
'threat_actor': ["Unknown (using pseudonym 'Rory McTory')"],
'title': 'Data Breach Involving Financial Records of 15 Conservative MPs',
'type': ['Data Breach', 'Unauthorized Disclosure']}