Cyber Incident Victim: Anonymous
Date:
Jul 2015
Location:
Canada
Summary
Anonymous breached multiple Canadian government servers, including the Québec Parental Insurance Plan Centre, the Ministry of Labor, Employment and Social Solidarity, and the National Review Commission website, leaking databases containing employee and user personal information such as names, email addresses, and plain-text passwords. The attacks were retaliation against the controversial anti-terror bill C-51, which expanded government surveillance powers. This incident followed prior cyber operations by the group targeting the Montreal Police Union, the Police Association of Ontario—where employee data was exposed—and repeated disruptions of the Canadian Security Intelligence Service website, all part of an ongoing campaign opposing the legislation.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 2 motives | 2 techniques |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
The Anonymous hacktivist collective executed a series of cyber attacks against Canadian government infrastructure between June 23 and July 3, 2015, in direct retaliation for the passage of Bill C-51. The campaign began on June 23 with the defacement of the Montreal Police Union website, where attackers left an anti-C-51 video message. The following day, Anonymous breached the Police Association of Ontario (PAO) servers, compromising and leaking personal details of 1,300 employees and registered users, including plain-text passwords stored insecurely. This pattern of exploiting poor password security practices continued as the group escalated operations, successfully shutting down Canada.ca (the federal government's primary web portal), Department of Finance, and Treasury Board websites on unspecified dates prior to July 3. The attacks culminated on July 1 with repeated distributed denial-of-service (DDoS) attacks that disabled the Canadian Security Intelligence Service (CSIS) website, coinciding with Canada Day celebrations.
On July 3, Anonymous conducted its most significant breach by infiltrating three critical Quebec government systems: the Québec Parental Insurance Plan Centre, the Ministry of Labor, Employment and Social Solidarity (MTESS), and the National Review Commission on employment insurance. Attackers extracted and published databases containing thousands of employee and user records through Pastebin, exposing first names, last names, email addresses, and corresponding plain-text passwords. Technical analysis confirmed the authenticity of the leaked data, which had never previously appeared in public breaches. The attackers exploited systemic vulnerabilities in Canadian government servers, particularly the persistent practice of storing sensitive credentials in unencrypted formats. These coordinated operations demonstrated Anonymous' ability to disrupt essential services and compromise sensitive citizen data while highlighting inadequate cybersecurity practices across multiple Canadian government entities. The campaign represented a sustained digital protest against Bill C-51's expansion of surveillance powers, with Anonymous explicitly threatening continued attacks until the legislation was repealed.