On August 9, 2025, the Canadian House of Commons suffered a cyberattack where threat actors exploited a critical Microsoft SharePoint vulnerability (CVE-2025-53770, CVSS 9.8) to gain unauthorized access to a database managing parliamentary IT systems. The breach exposed sensitive employee data, including names, job titles, office locations, email addresses, and details of government-managed computers and mobile devices. The stolen information poses risks of targeted phishing, impersonation, and further infiltration against parliamentarians and staff. While no direct financial or operational disruption was reported, the incident underscores vulnerabilities in Canada’s government cybersecurity defenses amid escalating threats from state-backed and criminal actors. Investigations by Canada’s Communications Security Establishment (CSE) are ongoing, but attribution remains unclear. The breach aligns with a broader trend of exploits targeting Microsoft flaws, with similar attacks compromising global entities like the U.S. National Nuclear Security Administration and European government networks.

Canada’s House of Commons suffered a cyber attack exploiting a zero-day vulnerability in Microsoft SharePoint (CVE-2025-53770, CVSS 9.8). Hackers, suspected to be the China-linked APT group Salt Typhoon, breached a database containing employee information, including names, job titles, office locations, email addresses, and details of House-managed computers and mobile devices. While no group has claimed responsibility, the attack aligns with a broader pattern of Chinese state-sponsored cyber intrusions targeting Canadian government networks over the past four years. The stolen data poses risks of tailored phishing and impersonation attacks against officials. Investigations are ongoing, but the breach exposes internal configurations and heightens concerns over follow-on social engineering campaigns. The incident underscores vulnerabilities in critical Microsoft platforms, with similar exploits recently affecting organizations like Google and the US Department of Health and Human Services.

The IT support staff for the House of Commons administration found an unusually high number of network connection attempts. The Chamber confirms that this cyberattack, which tries to obstruct or impede access to services and information, is a distributed denial of service attack. The House of Commons, which is still keeping an eye on the situation, has not revealed where the attack came from or whether it is aware of the motivations. For a brief time, the sites allegedly did not react, according to the Chamber. But even after the event had occurred for over 24 hours, several website areas remained inaccessible.