Cyber Incident Victim: Ontario
Date:
Oct 2022
Location:
Canada
Summary
A cyber incident targeting Canadian parliamentary infrastructure prompted password resets for MPs, their staff, and associated administrative personnel, with some internet-based services restricted as a precaution. Critical functions remained operational during mitigation efforts, though investigators had not identified compromised email accounts or attributed responsibility. The incident followed prior warnings about systemic cybersecurity vulnerabilities and state-sponsored threats, echoing an earlier breach at Global Affairs Canada. Analysts suggested the password reset directive indicated potential credential exposure, raising concerns about unauthorized access to secure systems and sensitive data. The Canadian Centre for Cyber Security supported response efforts while the investigation remained ongoing.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 2 motives | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On October 12, 2022, Members of Parliament and associated Canadian government personnel were instructed to change their email passwords following the detection of a cyber incident targeting parliamentary IT infrastructure. The threat was identified the previous week on October 5, prompting the House of Commons administration to restrict certain internet-based services while maintaining critical functions for parliamentarians and staff. Affected users spanned all entities served by House of Commons systems, including MPs, their staff, Senate personnel, Library of Parliament employees, Parliamentary Protective Service members, and staff of the Conflict of Interest and Ethics Commissioner. An October 14 alert had already prompted some password updates, but subsequent communications urged remaining users to reset credentials upon their next network login. Multiple MPs confirmed receiving these directives, with Conservative MP Matt Jeneroux expressing concern about potential exposure of sensitive cross-party information. The Speaker's Office, through spokesperson Amelie Crosson, stated no evidence indicated compromise of individual email accounts but acknowledged ongoing investigation into the attack's origin and potential data impacts.
The incident prompted analysis from Canadian technology expert Carmi Levy, who characterized the password reset mandate as atypical and indicative of credential compromise risks. Levy warned that breached authentication details could enable unauthorized access to government systems, personal accounts, and identity theft frameworks. The Canadian Centre for Cyber Security confirmed awareness of the incident and collaboration with federal authorities to preserve essential services. This breach occurred eight months after Global Affairs Canada suffered a separate cyber attack in January 2022, and followed August 2022 testimony from an RCMP official about persistent targeting of parliamentarians by hostile actors. Earlier cybersecurity enhancements included specialized device distributions and training for MPs and staff. A February 2022 report from the National Security and Intelligence Committee of Parliamentarians had previously identified systemic vulnerabilities in government cyber defenses, specifically highlighting risks from state-sponsored hackers affiliated with nations including China and Russia.