The House of Commons of Canada is investigating a data breach following a cyberattack that was reported last Friday. CBC News cited that staff were notified on Monday by email that an attacker had accessed a database used to manage House of Commons computers and mobile devices and had stolen some employee information. For reference, CBC News reported the development.
Officials said the breach exposed employee data that was not publicly available, including names, job titles, office locations and email addresses. The Parliament urged employees and members to be vigilant for fraudulent attempts that could use the stolen information to impersonate parliamentarians or mount scams.
The Canadian Centre for Cyber Security (Cyber Centre), part of the Communications Security Establishment, said it is supporting the House of Commons’ ongoing investigation but did not attribute the attack to a specific threat actor. In a statement, Cyber Centre officials cautioned that attributing cyber activity to particular threat actors is complex and requires careful analysis and time.
A spokesperson for the House of Commons did not immediately respond to requests for comment regarding the breach.
Context on recently patched Microsoft vulnerabilities
The Cyber Centre recently warned IT professionals across Canada to secure their systems against two Microsoft vulnerabilities: a SharePoint Server flaw tracked as CVE-2025-53770 (ToolShell) and a Microsoft Exchange vulnerability tracked as CVE-2025-53786. The Cyber Centre’s advisory on the SharePoint vulnerability can be read here: SharePoint vulnerability advisory.
Experts say CVE-2025-53770 has seen widespread exploitation in zero-day attacks by multiple threat groups, including state-backed actors and ransomware crews, according to the Cyber Centre’s reporting. The Exchange flaw CVE-2025-53786 is described as high severity and can enable attackers to move laterally within Microsoft cloud environments. The Cyber Centre’s advisory for Exchange is available here.
Security researchers have warned that tens of thousands of Exchange servers remain unpatched globally, with hundreds of affected addresses identified in Canada, underscoring the ongoing risk as organizations patch their systems.
For readers seeking further context, a related report accompanies additional analysis on the matter here: Picus Blue Report 2025.