Critical Microsoft Vulnerability Exploited in Canada’s House of Commons Data Breach

Hackers exploited a critical Microsoft SharePoint vulnerability to breach Canada’s House of Commons, compromising sensitive employee data. Discover the details of the attack, its implications, and the broader cybersecurity threats facing Canada.

TL;DR

  • Hackers exploited a critical Microsoft SharePoint vulnerability (CVE-2025-53770) to breach Canada’s House of Commons, compromising employee data, including names, job titles, email addresses, and device information.
  • The Communications Security Establishment (CSE) is investigating the breach, though the attacker’s identity remains unknown.
  • This incident highlights the growing cyber threats targeting Canada’s critical infrastructure, with state-sponsored actors like China, Russia, and Iran increasingly active.

Introduction

In a concerning development for Canada’s cybersecurity landscape, threat actors successfully breached the House of Commons by exploiting a recently disclosed Microsoft SharePoint vulnerability. The attack, which came to light on August 12, 2025, exposed sensitive employee data and raised alarms about the vulnerability of government institutions to cyber threats. According to reports from CBC News, the breach involved unauthorized access to a database containing information about House of Commons-managed computers and mobile devices, as well as personal details of employees.

This incident underscores the urgent need for robust cybersecurity measures in government agencies, particularly as state-sponsored and criminal hacking groups grow bolder in their efforts to infiltrate critical systems.


Details of the Breach

Exploitation of Microsoft SharePoint Vulnerability

The breach is suspected to be linked to a zero-day vulnerability in Microsoft SharePoint, tracked as CVE-2025-53770. This vulnerability, which carries a CVSS score of 9.8, allows unauthorized attackers to execute code remotely by exploiting a deserialization flaw in on-premises SharePoint Server. Microsoft confirmed in its advisory that active exploitation of this vulnerability is occurring in the wild [1].

Key details about the vulnerability:

  • Type: Deserialization of untrusted data.
  • Impact: Remote code execution (RCE) over a network.
  • Severity: Critical (CVSS 9.8).
  • Discovery: Reported by Viettel Cyber Security via Trend Micro’s Zero Day Initiative (ZDI).

Compromised Data

The breach exposed a database containing:

  • Employee information: Names, job titles, office locations, and email addresses.
  • Device information: Details about House of Commons-managed computers and mobile devices.

While the exact number of affected individuals remains undisclosed, the compromised data could be exploited for phishing attacks, impersonation, or further cyber intrusions.


Response and Investigation

House of Commons and CSE Collaboration

The House of Commons alerted its staff about the breach via an internal email on August 12, 2025. The Communications Security Establishment (CSE), Canada’s premier cybersecurity agency, is actively assisting in the investigation. The CSE defines a threat actor as any individual or group acting with malicious intent to access or disrupt data, devices, or networks without authorization [2].

Attribution Challenges

While the CSE’s 2025-2026 National Cyber Threat Assessment highlights China, Russia, and Iran as increasingly active threats to Canada, the identity of the attacker in this specific breach remains unknown. The report emphasizes that state-sponsored actors are becoming more aggressive, while profit-driven cybercriminals leverage advanced tools and artificial intelligence to exploit vulnerabilities.


Broader Context: Cyber Threats in Canada

Recent Cyber Incidents

Canada has faced a surge in cyber threats over the past two years, targeting critical infrastructure and government institutions. Notable incidents include:

  1. WestJet Cyberattack (June 2025): A cyberattack disrupted access to internal systems and the company’s app, affecting operations [3].
  2. Nova Scotia Power and Emera (April 2025): A cyberattack disrupted the IT systems of the Canadian electric utility, though no power outages occurred [4].
  3. Air Canada (September 2023): A breach exposed employee personal information, highlighting vulnerabilities in the aviation sector [5].
  4. Suncor Energy (June 2023): A cyberattack disrupted payment operations at Petro-Canada gas stations.

Growing Sophistication of Threat Actors

The CSE report warns that state-sponsored actors, particularly those linked to China, are the most sophisticated and persistent threats to Canada’s cybersecurity. Over the past four years, at least 20 federal networks have been breached, underscoring the need for enhanced defensive measures.


Mitigation and Recommendations

Microsoft’s Advisory

Microsoft has urged organizations to apply mitigations outlined in the CVE-2025-53770 advisory while a comprehensive patch is being developed. Key recommendations include:

  • Restricting access to SharePoint servers.
  • Monitoring for suspicious activity.
  • Applying temporary workarounds to prevent exploitation.

House of Commons’ Call for Vigilance

Employees and members of the House of Commons have been advised to:

  • Stay alert for phishing scams and suspicious emails.
  • Report any unusual activity to IT security teams.
  • Follow best practices for securing devices and accounts.

Conclusion

The breach of Canada’s House of Commons serves as a stark reminder of the evolving cyber threats facing government institutions worldwide. As threat actors continue to exploit vulnerabilities in widely used software like Microsoft SharePoint, organizations must prioritize cybersecurity hygiene, proactive monitoring, and rapid incident response.

This incident also highlights the critical role of collaboration between government agencies and cybersecurity experts to mitigate risks and protect sensitive data. Moving forward, Canada must strengthen its defenses against both state-sponsored and criminal cyber threats to safeguard its digital infrastructure.


References

  1. Microsoft (2025). “[CVE-2025-53770 Microsoft SharePoint Server Remote Code Execution Vulnerability](https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-53770)”. Microsoft Security Response Center. Retrieved 2025-08-15.

  2. CBC News (2025). “House of Commons data breach”. CBC. Retrieved 2025-08-15.

  3. Security Affairs (2025). “Canada’s airline WestJet is containing a cyberattack”. Security Affairs. Retrieved 2025-08-15.

  4. Security Affairs (2025). “Canadian electric utility Nova Scotia Power and parent company Emera suffered a cyberattack”. Security Affairs. Retrieved 2025-08-15.

  5. Security Affairs (2023). “Air Canada data breach”. Security Affairs. Retrieved 2025-08-15.

This post is licensed under CC BY 4.0 by the author.