Canada’s House of Commons data breach is under active investigation after a cyberattack late last week. Staff were informed by email that an intruder exploited a recent Microsoft vulnerability to access a database used to manage House of Commons computers and mobile devices. During the intrusion, some non-public employee data was copied, including names, job titles, office locations, and email addresses.
Officials cautioned Members of Parliament and employees to watch for fraud attempts or impersonation that could leverage the stolen details. As of now, the lower house has not issued a public statement naming the vulnerability or the threat actor involved.
What The House Of Commons Says Was Accessed
Internal notifications describe a breach of a device-management database and the theft of limited personnel information not ordinarily available to the public. The alert specifically referenced:
- Names and job titles
- Office locations
- Work email addresses
Employees and members were advised that this information could be misused to spoof identities, pivot into social-engineering attempts, or support tailored phishing campaigns.
Microsoft Vulnerabilities Cited Amid Wider Government Alerts
Neither the House of Commons nor Canada’s Communications Security Establishment (CSE) identified the exact Microsoft flaw. However, Canada’s Cyber Centre has recently urged IT teams nationwide to harden systems against two Microsoft vulnerabilities: a SharePoint Server bug tracked as CVE-2025-53770 (known as “ToolShell”) and a Microsoft Exchange flaw tracked as CVE-2025-53786.
Authorities say the SharePoint vulnerability has been actively exploited as a zero-day since early July by multiple threat groups, including state-backed actors and ransomware operators, in attacks that reached high-profile organizations in North America, Europe, and the Middle East. The Microsoft Exchange issue drew an emergency directive from the U.S. Cybersecurity and Infrastructure Security Agency, which warned that failure to mitigate could lead:
“to a hybrid cloud and on-premises total domain compromise.”
Security telemetry shared this week also indicated tens of thousands of Exchange servers remain exposed on the internet, with over 800 unpatched instances identified in Canada alone. Those figures underscore the window of opportunity attackers still have to chain cloud and on-premises weaknesses.
Officials Support The Investigation, But Avoid Attribution
Canada’s Cyber Centre confirmed it is assisting the House of Commons data breach investigation and stressed that naming a responsible actor is complex and time-consuming:
“However, we can tell you that we are aware of the incident and working with the House of Commons to provide support,” the Cyber Centre said.
“Attribution of a cyber incident is difficult. Investigating cyber threat activity takes resources and time, and there are many considerations involved in the process of attributing malicious cyber activity to specific threat actors, and/or nation-states.”
No timeline has been shared for public findings. For now, the focus remains on containment, forensics, and countering any follow-on impersonation or phishing activity that may exploit the stolen staff data.
