Cyber Incident Victim: National Review Commission

Date: Jun 2015

Location: Canada

Summary

A hacktivist group breached multiple Canadian government servers, including the National Review Commission, in retaliation for the controversial anti-terror bill C-51. The attackers exfiltrated and leaked personal data—such as employee and user names, email addresses, and plaintext passwords—from compromised systems, including employment insurance and labor ministry databases. The breach exploited vulnerabilities in government servers that stored sensitive information without encryption, validating prior concerns about inadequate security practices. This incident was part of a coordinated campaign targeting government entities to protest expanded surveillance powers under the new law.

Description

On July 2, 2015, the hacktivist group Anonymous breached multiple Canadian government servers, including systems belonging to the National Review Commission on employment insurance, the Québec Parental Insurance Plan Centre, and the Ministry of Labor, Employment and Social Solidarity (MTESS). The attackers exfiltrated databases containing first names, last names, thousands of email addresses, and associated clear-text passwords, which were subsequently leaked publicly via Pastebin. Forensic analysis confirmed the authenticity of the leaked data, which had not previously been exposed online. The breach exploited vulnerabilities in government server configurations that allowed unrestricted access to sensitive personal information. Anonymous claimed the attack was a direct retaliation against Canada's enactment of the controversial anti-terrorism bill C-51, which expanded surveillance powers for the Canadian Security Intelligence Service (CSIS).

This incident formed part of a sustained campaign by Anonymous against Canadian government entities following the June 2015 passage of bill C-51. Prior attacks included the June 23 defacement of the Montreal Police Union website with an anti-C-51 video message, the June 24 breach of the Police Association of Ontario (PAO) that exposed personal details of 1,300 employees, and repeated distributed denial-of-service (DDoS) attacks that temporarily shut down Canada.ca, Department of Finance, Treasury Board, and CSIS websites between June 24 and July 1. The attackers consistently cited inadequate cybersecurity practices, particularly the storage of credentials in unencrypted plain text across multiple government systems, as enabling their intrusions. No containment measures or official responses from the affected agencies were documented in the aftermath of the National Review Commission breach. The cumulative impact included persistent disruption of government digital services and unauthorized disclosure of sensitive employee and citizen information across multiple jurisdictions.
