Canada's House of Commons is investigating a data breach after a cyberattack reportedly exploited a Microsoft vulnerability, granting unauthorised access to a database for managing parliamentary computers and mobile devices. Staff were notified of the breach this past Monday via internal communications.
The compromised information includes employees' names, job titles, office locations, email addresses, and device-related details. Authorities have warned individuals to be alert for potential impersonation or phishing attempts using the stolen data.
Canada's Communications Security Establishment (CSE) supports the investigation and confirms its involvement. No attribution has been made yet, as identifying specific threat actors remains challenging.
While the exact Microsoft vulnerability has not been publicly confirmed, cybersecurity experts point to a critical SharePoint zero-day (CVE-2025-53770), which has seen wide exploitation. The attack underscores the pressing need for robust cyber defence across government essential infrastructures.
