
Canada’s House of Commons investigating data breach after cyberattack


The House of Commons of Canada is currently investigating a data breach after a threat actor reportedly stole employee information in a cyberattack on Friday.

While the lower house of the Parliament of Canada has yet to issue a public statement regarding this incident, CBC News reports that House of Commons staff were notified of a breach on Monday via email.

The alert states that the attacker exploited a recent Microsoft vulnerability to gain access to a database containing sensitive information used to manage House of Commons computers and mobile devices. During the breach, the threat actor also stole some employee data that isn't publicly available, including their names, job titles, office locations, and email addresses.

Employees and House of Commons members were also urged to be aware of potential fraudulent attempts to use the information stolen during the attack, which could be used to target and impersonate parliamentarians or exploited in scams.

The House of Commons is now collaborating with the country's Communications Security Establishment (CSE), the national security agency, to investigate the impact of the attack.

CSE told CBC News that it couldn't yet confirm who was behind the attack, saying that "attribution of a cyber incident is difficult."

"Investigating cyber threat activity takes resources and time, and there are many considerations involved in the process of attributing malicious cyber activity," said the CSE.

A spokesperson with Canada's Communications Security Establishment (CSE) was unable to provide a statement immediately when contacted by BleepingComputer earlier today.

Recently patched Microsoft vulnerabilities

While the House of Commons and CSE didn't disclose the specific Microsoft vulnerability exploited in the breach, the Canadian Centre for Cyber Security recently warned IT professionals across Canada to secure their systems against two Microsoft security bugs: a Microsoft SharePoint Server flaw (tracked as CVE-2025-53770 and dubbed ToolShell) and a Microsoft Exchange vulnerability (CVE-2025-53786).
