{"id":1850,"date":"2025-09-18T15:42:37","date_gmt":"2025-09-18T21:42:37","guid":{"rendered":"https:\/\/wpsites.ucalgary.ca\/jacobson-cpsc\/?p=1850"},"modified":"2025-09-18T15:42:42","modified_gmt":"2025-09-18T21:42:42","slug":"when-hackers-go-north","status":"publish","type":"post","link":"https:\/\/wpsites.ucalgary.ca\/jacobson-cpsc\/2025\/09\/18\/when-hackers-go-north\/","title":{"rendered":"When Hackers go North!"},"content":{"rendered":"\n<p>House of Commons of Canada Data Breach via Microsoft Vulnerability (August 2025)<\/p>\n\n\n\n<figure class=\"wp-block-image size-full is-resized\"><img decoding=\"async\" width=\"1024\" height=\"768\" data-src=\"https:\/\/wpsites.ucalgary.ca\/jacobson-cpsc\/wp-content\/uploads\/sites\/119\/2025\/09\/ChatGPT-Image-Sep-18-2025-at-01_35_30-PM-edited.png\" alt=\"\" class=\"wp-image-1857 lazyload\" style=\"--smush-placeholder-width: 1024px; --smush-placeholder-aspect-ratio: 1024\/768;width:719px;height:auto\" data-srcset=\"https:\/\/wpsites.ucalgary.ca\/jacobson-cpsc\/wp-content\/uploads\/sites\/119\/2025\/09\/ChatGPT-Image-Sep-18-2025-at-01_35_30-PM-edited.png 1024w, https:\/\/wpsites.ucalgary.ca\/jacobson-cpsc\/wp-content\/uploads\/sites\/119\/2025\/09\/ChatGPT-Image-Sep-18-2025-at-01_35_30-PM-edited-300x225.png 300w, https:\/\/wpsites.ucalgary.ca\/jacobson-cpsc\/wp-content\/uploads\/sites\/119\/2025\/09\/ChatGPT-Image-Sep-18-2025-at-01_35_30-PM-edited-768x576.png 768w\" data-sizes=\"(max-width: 1024px) 100vw, 1024px\" src=\"data:image\/svg+xml;base64,PHN2ZyB3aWR0aD0iMSIgaGVpZ2h0PSIxIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciPjwvc3ZnPg==\" \/><\/figure>\n\n\n\n<p style=\"font-size:12px\"><strong>Figure 1: Cyberattack illustration of Canada\u2019s Parliament (image generated by ChatGPT).<\/strong><\/p>\n\n\n\n<p style=\"font-size:18px\">If you think hackers only go after banks or tech companies then think twice. Turns out, they have a thing for Parliaments too.\u00a0According to a\u00a0<a href=\"https:\/\/www.cbc.ca\/news\/politics\/house-of-commons-data-breach-1.7608061\">CBC News report<\/a>, in August 2025 Canada\u2019s House of Commons was struck by a cyberattack that caused a significant data breach.\u00a0\u00a0<\/p>\n\n\n\n<p style=\"font-size:18px\">The House of Commons broke the news out to staff via email, alerting them that there had been an information breach. Apparently, a malicious actor was able to penetrate their database via a Microsoft vulnerability. Some information the hacker obtained has not been made public. The data included employees\u2019 names, job titles, office locations and email addresses, as well as information regarding their House of Commons-managed devices.\u00a0<\/p>\n\n\n\n<p style=\"font-size:18px\">Canada\u2019s Communications Security Establishment (CSE) confirmed that they are very much aware of the attack and are working with the House of Commons for support, but have not yet pinpointed who was behind it.<\/p>\n\n\n\n<p style=\"font-size:18px\">A recent threat report from the CSE says that adversarial nations like China, Russia and Iran are increasingly behind cyber threats to Canada. But, they say it\u2019s too early to tell who or what is behind this particular breach.<\/p>\n\n\n\n<p style=\"font-size:15px\"><p class=\"MsoNormal\" style=\"margin: 0cm 0cm 8pt;line-height: 18.4px;font-size: medium;font-family: Aptos, sans-serif\"><\/p><\/p>\n\n\n\n<p style=\"font-size:15px\"><em>&#8220;Attribution of a cyber incident is difficult. Investigating cyber threat activity takes resources and time, and there are many considerations involved in the process of attributing malicious cyber activity,&#8221; said in a a CSE statement<\/em><\/p>\n\n\n\n<p style=\"font-size:18px\">In the meantime, CSE has called on members of the House of Commons to stay vigilant as the information that has been accessed during this breach could be used for scams, blackmail and impersonation of politicians.<\/p>\n\n\n\n<p style=\"font-size:18px\">This is still an ongoing investigation that the House of Commons in collaboration with national security partners is conducting, but they have not released any information as to how many employees were affected.<\/p>\n\n\n\n<p><strong>Why is this a threat?<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li style=\"font-size:18px\">Government officials are high value targets: Beyond personal details, they hold highly sensitive data that could be exploited<\/li>\n\n\n\n<li style=\"font-size:18px\">Metadata is quite important to protect; operating systems, serial numbers might sound trivial but if they fall into wrong hands, they can cause serious issues\u00a0<\/li>\n\n\n\n<li style=\"font-size:18px\">It would be very difficult for the public to trust the government since those that make the laws cannot protect their own systems.<\/li>\n<\/ul>\n\n\n\n<p style=\"font-size:18px\">It\u2019s quite ironic that the policy makers and politicians who are always adamant that the public protect their data and be cyber smart are the very ones that have now fallen short. I believe Canada has privacy laws like (PIPEDA)&nbsp;is it that those laws are not active when it comes to the government getting breached?<\/p>\n\n\n\n<p style=\"font-size:18px\">What is more concerning is the lack of transparency. Neither the attacker\u2019s identity nor the extent of the breach has been disclosed. That raises public suspicions and skepticism about government institutions.<\/p>\n\n\n\n<p><strong>Solutions and Preventive Measures<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li style=\"font-size:18px\">They should have a zero-trust architecture (trust nothing, verify or double check everything!)<\/li>\n\n\n\n<li style=\"font-size:18px\">Use device attestation and MFA so leaked metadata is not enough for attackers to use.<\/li>\n\n\n\n<li style=\"font-size:18px\">Increase their transparency when breaches happen, citizens deserve the honesty, not silence.<\/li>\n<\/ul>\n\n\n\n<p style=\"font-size:18px\">Hackers penetrating these systems is not just a problem for Canada, it\u2019s a global wake-up call. Cybersecurity needs to be taken quite seriously and not just tucked under the general IT budget. If lawmakers really want citizens to be cyber aware, then they need to lead by example. They need to protect data and prove they aren\u2019t the weakest link.<\/p>\n\n\n\n<p><strong>References<\/strong><\/p>\n\n\n\n<p style=\"font-size:15px\">CBC News. (2025, August 8).&nbsp;<em>House of Commons warns of data breach involving employee information.<\/em>&nbsp;Retrieved September 18, 2025, from&nbsp;<a href=\"https:\/\/www.cbc.ca\/news\/politics\/house-of-commons-data-breach-1.7608061\">https:\/\/www.cbc.ca\/news\/politics\/house-of-commons-data-breach-1.7608061<\/a><\/p>\n\n\n\n<p style=\"font-size:15px\">The Personal Information Protection and Electronic Documents Act (PIPEDA) \u2014 Office of the Privacy Commissioner of Canada<br><a href=\"https:\/\/www.priv.gc.ca\/en\/privacy-topics\/privacy-laws-in-canada\/the-personal-information-protection-and-electronic-documents-act-pipeda\/?utm_source=chatgpt.com\">https:\/\/www.priv.gc.ca\/en\/privacy-topics\/privacy-laws-in-canada\/the-personal-information-protection-and-electronic-documents-act-pipeda\/<\/a>&nbsp;<a href=\"https:\/\/www.priv.gc.ca\/en\/privacy-topics\/privacy-laws-in-canada\/the-personal-information-protection-and-electronic-documents-act-pipeda\/?utm_source=chatgpt.com\" target=\"_blank\" rel=\"noreferrer noopener\">priv.gc.ca<\/a><strong><\/strong><\/p>\n\n\n\n<p><\/p>\n","protected":false},"excerpt":{"rendered":"<p>House of Commons of Canada Data Breach via Microsoft Vulnerability (August 2025) Figure 1: Cyberattack illustration of Canada\u2019s Parliament (image generated by ChatGPT). If you think hackers only go after banks or tech companies then think twice. Turns out, they have a thing for Parliaments too.\u00a0According to a\u00a0CBC News report, in August 2025 Canada\u2019s House &hellip; <\/p>\n<p class=\"link-more\"><a href=\"https:\/\/wpsites.ucalgary.ca\/jacobson-cpsc\/2025\/09\/18\/when-hackers-go-north\/\" class=\"more-link\">Continue reading<span class=\"screen-reader-text\"> &#8220;When Hackers go North!&#8221;<\/span><\/a><\/p>\n","protected":false},"author":729,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"ngg_post_thumbnail":0,"footnotes":""},"categories":[8,1],"tags":[],"class_list":["post-1850","post","type-post","status-publish","format-standard","hentry","category-isec-601","category-uncategorized","entry"],"featured_image_src":null,"featured_image_src_square":null,"author_info":{"display_name":"Gilberta Cooper","author_link":"https:\/\/wpsites.ucalgary.ca\/jacobson-cpsc\/author\/gilberta-cooper\/"},"_links":{"self":[{"href":"https:\/\/wpsites.ucalgary.ca\/jacobson-cpsc\/wp-json\/wp\/v2\/posts\/1850","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/wpsites.ucalgary.ca\/jacobson-cpsc\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/wpsites.ucalgary.ca\/jacobson-cpsc\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/wpsites.ucalgary.ca\/jacobson-cpsc\/wp-json\/wp\/v2\/users\/729"}],"replies":[{"embeddable":true,"href":"https:\/\/wpsites.ucalgary.ca\/jacobson-cpsc\/wp-json\/wp\/v2\/comments?post=1850"}],"version-history":[{"count":1,"href":"https:\/\/wpsites.ucalgary.ca\/jacobson-cpsc\/wp-json\/wp\/v2\/posts\/1850\/revisions"}],"predecessor-version":[{"id":1858,"href":"https:\/\/wpsites.ucalgary.ca\/jacobson-cpsc\/wp-json\/wp\/v2\/posts\/1850\/revisions\/1858"}],"wp:attachment":[{"href":"https:\/\/wpsites.ucalgary.ca\/jacobson-cpsc\/wp-json\/wp\/v2\/media?parent=1850"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/wpsites.ucalgary.ca\/jacobson-cpsc\/wp-json\/wp\/v2\/categories?post=1850"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/wpsites.ucalgary.ca\/jacobson-cpsc\/wp-json\/wp\/v2\/tags?post=1850"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}