Cyber Incident Victim: Quebec Parental Insurance Plan Centre
Date:
Jul 2015
Location:
Canada
Summary
A cyberattack attributed to Anonymous breached the Quebec Parental Insurance Plan Centre and other Canadian government entities, compromising servers and exfiltrating sensitive personal data including employee and user first names, last names, email addresses, and plaintext passwords. The attackers leaked the databases online, exploiting vulnerabilities in government systems that stored credentials without encryption. This incident was part of a broader campaign targeting multiple Canadian government websites and agencies in retaliation for the passage of the controversial anti-terror bill C-51, which expanded surveillance powers. The hacktivist group previously defaced and disrupted several official portals, including those of law enforcement and intelligence agencies, demanding the legislation's repeal.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 2 motives | 1 technique |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
On July 3, 2015, the Anonymous hacktivist group breached multiple Canadian government servers, including the Québec Parental Insurance Plan Centre, the Ministry of Labor, Employment and Social Solidarity (MTESS), and the National Review Commission website on employment insurance. The attackers exploited vulnerabilities in the servers to access and exfiltrate personal data of employees and users, including first names, last names, email addresses, and plain-text passwords. Anonymous subsequently leaked the stolen databases on Pastebin, with independent verification confirming the legitimacy of the data and its prior absence from public leaks. The breach highlighted systemic security failures, particularly the storage of sensitive credentials in unencrypted plain-text formats, a practice previously observed in Anonymous’ June 24, 2015, breach of the Police Association of Ontario, which exposed 1,300 employee and user records. The July 3 incident formed part of a coordinated retaliation campaign against Canada’s enactment of the controversial anti-terror bill C-51, which expanded surveillance powers for the Canadian Security Intelligence Service (CSIS).
This attack followed a series of disruptive operations by Anonymous targeting Canadian government infrastructure. On June 23, 2015, the group defaced the Montreal Police Union’s website with an anti-C-51 video message. The next day, they breached the Police Association of Ontario’s servers. On July 1, Anonymous repeatedly shut down the CSIS official website. The July 3 breach further escalated these efforts, compromising multiple agencies and exposing non-public personal data. The attackers explicitly cited opposition to bill C-51 as their motivation, framing the intrusions as protests against expanded state surveillance capabilities. Consequences included the public exposure of sensitive user information, operational disruptions to government services, and reputational damage due to inadequate cybersecurity practices. The cumulative impact of these incidents demonstrated sustained targeting of Canadian government entities over a 10-day period, with no documented containment or remediation actions provided in the available source material.