Cyber Incident Victim: Régie québécoise des rentes
Date:
Jul 2015
Location:
Canada
Summary
Anonymous breached Canadian government servers, including the Québec Parental Insurance Plan Centre, the Ministry of Labor, Employment and Social Solidarity, and the National Review Commission website on employment insurance, in retaliation for the controversial anti-terror bill C-51. The attackers accessed and leaked databases containing employees' and users' personal information, such as first and last names, email addresses, and plain-text passwords, exposing systemic security failures that stored sensitive data without encryption. This incident was part of a broader campaign targeting multiple government entities, including the Canadian Security Intelligence Service and police union websites, to protest the legislation's expansion of surveillance powers.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 2 motives | 1 technique |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
On July 3, 2015, the hacktivist group Anonymous breached multiple Canadian government servers in retaliation for the passage of Bill C-51, a controversial anti-terrorism law granting expanded surveillance powers to Canadian intelligence agencies. The attack compromised systems belonging to the Québec Parental Insurance Plan Centre, the Ministry of Labor, Employment and Social Solidarity (MTESS), and the National Review Commission website on employment insurance. Attackers exploited server vulnerabilities to access and exfiltrate databases containing first names, last names, thousands of email addresses, and corresponding plain-text passwords for both employees and users. Anonymous subsequently published the stolen data on Pastebin, with external verification confirming the authenticity of the leaked information. This incident followed a series of cyber operations against Canadian government targets beginning in late June 2015, including the June 23 defacement of the Montreal Police Union website and the June 24 breach of the Police Association of Ontario (PAO), which exposed personal details of 1,300 employees.
The breach exposed systemic security failures, particularly the storage of sensitive credentials in unencrypted plain text across multiple government systems. No containment measures or official responses from the affected agencies were documented in the immediate aftermath. The incident formed part of a sustained campaign against Bill C-51, with Anonymous simultaneously targeting the Canada.ca web portal, Department of Finance, Treasury Board, and repeatedly shutting down the Canadian Security Intelligence Service (CSIS) website on July 1. Operational impacts included temporary unavailability of critical government services and permanent exposure of personally identifiable information. The attackers explicitly framed their actions as political retaliation, vowing continued attacks until the legislation was repealed. Forensic analysis of the leaked data revealed no evidence of prior public exposure, confirming the novelty of the compromised datasets.