House of Commons of Canada

On **August 9, 2025**, the **Canadian House of Commons** suffered a cyberattack in which threat actors exploited a **critical Microsoft SharePoint vulnerability (CVE-2025-53770, CVSS 9.8)** to gain unauthorized access to a database managing parliamentary IT systems. The breach exposed **sensitive employee data**, including names, job titles, office locations, email addresses, and details of government-managed computers and mobile devices. The stolen information creates a risk of **targeted phishing, impersonation, and further infiltration** against parliamentarians and staff. While no direct financial or operational disruption was reported, the incident underscores weaknesses in Canada’s government cybersecurity defenses amid escalating threats from state-backed and criminal actors. Investigations by **Canada’s Communications Security Establishment (CSE)** are ongoing, but attribution remains unclear. The breach aligns with a broader trend of exploits targeting **Microsoft flaws**, with similar attacks compromising global entities like the **U.S. National Nuclear Security Administration** and European government networks.

Source: https://cybersecuritynews.com/canadas-house-of-commons-cyberattack/

TPRM report: https://www.rankiteo.com/company/houseofcommons-

"id": "hou735081425",
"linkid": "houseofcommons-",
"type": "Breach",
"date": "8/2025",
"severity": "60",
"impact": "3",
"explanation": "Attack with significant impact with internal employee data leaks"
{'affected_entities': [{'industry': 'Public Administration / Legislative Body',
                        'location': 'Ottawa, Ontario, Canada',
                        'name': 'House of Commons of Canada',
                        'type': 'Government Institution'}],
 'attack_vector': ['Exploitation of Public-Facing Application (SharePoint)',
                   'Remote Code Execution (RCE)',
                   'Unauthenticated Access'],
 'data_breach': {'data_exfiltration': True,
                 'file_types_exposed': ['Database records (likely '
                                        'SQL/structured data)'],
                 'personally_identifiable_information': ['Names',
                                                         'Job titles',
                                                         'Office locations',
                                                         'Email addresses'],
                 'sensitivity_of_data': ['Moderate to High (enables targeted '
                                         'attacks)',
                                         'Non-public government employee data'],
                 'type_of_data_compromised': ['Personnel Records',
                                              'IT Asset Information']},
 'date_detected': '2025-08-09',
 'date_publicly_disclosed': '2025-08-12',
 'description': 'A cyberattack hit the Canadian House of Commons on August 9, '
                '2025, when threat actors exploited a recently disclosed '
                "Microsoft vulnerability (likely CVE-2025-53770, 'ToolShell') "
                'to gain unauthorized access to a database containing '
                'sensitive employee information and details about House of '
                'Commons-managed computers and mobile devices. The compromised '
                'data includes employees’ names, job titles, office locations, '
                'email addresses, and device information. The breach poses '
                'risks for targeted phishing, impersonation attacks, or '
                'further infiltration. The incident is under investigation by '
                'Canada’s Communications Security Establishment (CSE) in '
                'collaboration with the House of Commons, though the specific '
                'threat actors remain unidentified. The attack aligns with a '
                'broader trend of escalating cyber threats against Canadian '
                'government institutions, particularly exploiting critical '
                'Microsoft vulnerabilities like CVE-2025-53770 (SharePoint) '
                'and CVE-2025-53779 (Windows Kerberos).',
 'impact': {'brand_reputation_impact': ['Erosion of public trust in government '
                                        'cybersecurity',
                                        'Potential political fallout'],
            'data_compromised': ['Employee names',
                                 'Job titles',
                                 'Office locations',
                                 'Email addresses',
                                 'House of Commons-managed computers and '
                                 'mobile devices (detailed information)'],
            'identity_theft_risk': ['High (employee data exposed)',
                                    'Risk of impersonation attacks against '
                                    'parliamentarians'],
            'operational_impact': ['Heightened vigilance required for '
                                   'phishing/impersonation risks',
                                   'Ongoing investigation disrupting normal '
                                   'operations'],
            'systems_affected': ['SharePoint Server (on-premises)',
                                 'Database managing parliamentary '
                                 'computers/mobile devices']},
 'initial_access_broker': {'data_sold_on_dark_web': ['Potential (not '
                                                     'confirmed)'],
                           'entry_point': ['Exploited SharePoint Server '
                                           'vulnerability (CVE-2025-53770)'],
                           'high_value_targets': ['Parliamentarians',
                                                  'House of Commons staff',
                                                  'Government IT systems']},
 'investigation_status': 'Ongoing (attribution and full scope not yet '
                         'determined)',
 'motivation': ['Espionage (likely, given targeting of government)',
                'Potential for Follow-on Attacks (e.g., phishing, lateral '
                'movement)',
                'Data Theft for Dark Web Sale'],
 'post_incident_analysis': {'root_causes': ['Unpatched critical vulnerability '
                                            '(CVE-2025-53770)',
                                            'Possible delays in applying '
                                            'Microsoft security updates',
                                            'Inadequate segmentation of '
                                            'sensitive databases']},
 'ransomware': {'data_exfiltration': True},
 'references': [{'source': 'CBC News'},
                {'source': 'Canada’s Communications Security Establishment '
                           '(CSE)'},
                {'source': 'National Cyber Threat Assessment 2025-2026 '
                           '(Canada)'},
                {'source': 'Microsoft August 2025 Patch Tuesday Advisory'}],
 'regulatory_compliance': {'regulations_violated': ['Potential violations of '
                                                    'Canada’s *Privacy Act* '
                                                    '(personal information '
                                                    'protection)',
                                                    'Possible non-compliance '
                                                    'with *Policy on '
                                                    'Government Security*'],
                           'regulatory_notifications': ['Internal notification '
                                                        'to affected employees',
                                                        'Collaboration with '
                                                        'CSE (national '
                                                        'cybersecurity '
                                                        'authority)']},
 'response': {'communication_strategy': ['Internal email to House of Commons '
                                         'staff (via CBC News report)',
                                         'Public advisory urging vigilance '
                                         'against phishing/impersonation'],
              'enhanced_monitoring': ['Likely implemented (not explicitly '
                                      'stated)'],
              'incident_response_plan_activated': True,
              'third_party_assistance': ['Canada’s Communications Security '
                                         'Establishment (CSE)']},
 'stakeholder_advisories': ['House of Commons staff notified via internal '
                            'email',
                            'Public warned about phishing/impersonation risks'],
 'title': 'Cyberattack on Canadian House of Commons Exploiting Microsoft '
          'Vulnerability',
 'type': ['Data Breach',
          'Unauthorized Access',
          'Exploitation of Vulnerability'],
 'vulnerability_exploited': ["CVE-2025-53770 (SharePoint Server, 'ToolShell')",
                             'Potentially CVE-2025-53779 (Windows Kerberos)']}