Cyber Incident Victim: House of Commons
Date:
Aug 2025
Location:
Canada
Summary
The House of Commons experienced a cyberattack where an unknown threat actor exploited a Microsoft vulnerability to gain unauthorized access to an internal database. This breach compromised non-public employee information including names, job titles, office locations, email addresses, and details about institution-managed computers and mobile devices. Canada's cybersecurity agency is assisting the investigation, though attribution remains difficult. The accessed data could potentially be used for scams or impersonation targeting parliamentarians, prompting heightened vigilance. The institution is collaborating with national security partners on the ongoing probe.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 0 motives | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On Friday, August 11, 2025, an unidentified threat actor successfully exploited a recent Microsoft vulnerability to gain unauthorized access to a House of Commons database. This database contained information used to manage computers and mobile devices issued to House of Commons personnel. The breach was detected, prompting an internal email alert to House of Commons staff on Monday, August 14, 2025. The email confirmed the unauthorized access and identified the compromised data as non-public employee information. Specifically, the accessed data included the names, job titles, office locations, and email addresses of employees. Information regarding the House of Commons-managed computers and mobile devices assigned to these employees was also accessed during the incident. The House of Commons characterized the attacker as a malicious actor exploiting a vulnerability for unauthorized access.
The House of Commons initiated an investigation into the breach, collaborating with Canada's Communications Security Establishment (CSE) and national security partners. The CSE confirmed awareness of the incident and provided support but explicitly stated it was too early to attribute the attack to any specific individual, group, or nation. The CSE acknowledged the inherent difficulty and resource-intensive nature of attributing cyber incidents, citing its own recent threat report which noted adversarial nations like the People's Republic of China, Russia, and Iran as increasingly responsible for cyber threats to Canada. Citing the ongoing investigation, the House of Commons declined to disclose further details, including the exact number of affected employees. The internal email warned employees and Members of Parliament to be especially vigilant, as the stolen information could potentially be used in scams or to target and impersonate parliamentarians. This incident occurred against a backdrop described by the Canadian Centre for Cyber Security, which reported Canada as a valuable target facing a sharp increase in the number and severity of cyber incidents over the preceding two years, with state adversaries becoming bolder and cybercriminals leveraging new illicit tools and artificial intelligence.