The House of Commons of Canada is currently investigating a data breach after a threat actor reportedly stole employee information in a cyberattack on Friday.
While the lower house of the Parliament of Canada has yet to issue a public statement regarding this incident, CBC News reports that House of Commons staff were notified of a breach on Monday via email.
The alert states that the attacker exploited a recent Microsoft vulnerability to gain access to a database containing sensitive information used to manage House of Commons computers and mobile devices. During the breach, the threat actor also stole some employee data that isn’t publicly available, including their names, job titles, office locations, and email addresses.
I wonder if this is the same SharePoint hack plus RCE that affected US state agencies?
It would be good to know if tours was targeted at Canada specifically or a broad attack used on multiple governments.
