- Canadas House of Commons informed his employees of a cyberincident
- The lost sensitive employee data to named hackers
- Threat actors apparently broke in through a Microsoft SharePoint error
Canada’s House of Commons has reportedly suffered a cyber attack where it saw that it loses sensitive employee data.
A CBC report referring to an internal e email sent to its staff says the attack then an unidentified threat actor utilizes a “recent Microsoft vulnerability” to access a database of employee computers and mobile devices information.
Among the data stolen in the attack were employee names, e -mail addresses, job titles, office sites and information about the devices they use.
SharePoint under magnifying glass
Currently, both House of Commons and Canada’s Communications Security establishment (CSE) are investigating the question.
“Access to a cyber event is difficult. Examination of cyber threat activity takes resources and time, and there are many considerations involved in the process of attributing malicious cyber activity,” CSE apparently said in a statement.
The organization told its employees to remain vigilant and be wary of inbound communication.
The details are scarce but House of Commons, which says attackers used a “recent Microsoft vulnerability”, caused speculation that it was done through a notorious SharePoint error recently exploited.
Canada’s Cyber Center recently issued a warning of a SharePoint server error called Toolshell, tracked as CVE-2025-53770.
Toolshell was first observed in late July 2025 and has been abused by several threat actors, including Chinese state -sponsored groups.
Several high -profile organizations have already been compromised in this way, including the US national nuclear security administration, Rhode Island General Assembly and many others.
Via Bleeping computer
