Hackers exploited a recently disclosed Microsoft vulnerability to breach the network of Canada's House of Commons, shaking up the country's parliament.
According to an internal email obtained by CBC News, the intrusion occurred on Friday and affected a database that was used to manage computers and mobile devices. The exposed data described in the email included names, titles, email addresses, and details about computers and mobile devices, including operating systems, model numbers, and telephone numbers.
Officials have not been able to link the attack to any nation-state or criminal group, but questions remain as to whether additional sensitive information has been accessed. According to a statement from Olivier Duhaime, spokesperson for the Speaker's Office, the House of Commons is cooperating closely with its national security partners to conduct an investigation. However, he declined to provide further information due to security concerns.
The breach became public on Monday, when CBC News first reported that an unauthorised actor had gained access to the House's systems. According to the internal email, the intruders exploited a recent Microsoft vulnerability to gain access to parliamentary computers and mobile devices.
The exposed information included employee names, job titles, office locations, and email addresses, as well as technical information about devices controlled by the House.
Canada's Communications Security Establishment (CSE), the country's cybersecurity agency, has joined the investigation, although the attackers have not been identified.
The CSE defines a threat actor as any entity seeking to disrupt or access a network without authorisation. In a recent report, the agency warned that foreign nations like China, Russia, and Iran are increasingly targeting Canadian institutions.
Nevertheless, no attribution has been established in this case, and officials have cautioned that the compromised information could be used for scams, impersonation, or further intrusions.
According to Canada's latest Cyber Threat Assessment, the country faces ever-increasing exposure to digital threats and is described as a "valuable target" for both state-sponsored adversaries and financially motivated criminals.
In the last two years, the Canadian Centre for Cyber Security has reported a significant increase in the number and severity of cyber-attacks, with a warning that state actors are increasingly aggressive.
Cybercriminals are also increasingly using illicit business models and artificial intelligence to expand their capabilities, according to Rajiv Gupta, head of the centre.
According to the report, Chinese cyber threats pose the greatest threat to Canada; it indicates that at least 20 government networks were compromised by threat actors affiliated with the People's Republic of China over the past four years.
The House of Commons incident is likely linked to a recently exploited zero-day vulnerability in Microsoft SharePoint, tracked as CVE-2025-53770, although officials have not confirmed which particular flaw was exploited.
The flaw, which has a CVSS score of 9, involves the handling of untrusted data in on-premises SharePoint Server and could allow an attacker to execute code remotely.
The vulnerability has been reported by Viettel Cyber Security through Trend Micro’s Zero Day Initiative since July. Since then, it has been actively exploited, prompting Microsoft to issue a warning and recommend immediate mitigations while a full patch is being prepared.
As a result of the breach, parliamentary members and staff have been urged to stay vigilant against potential scams.
The incident comes as Canada faces escalating and increasingly sophisticated cyber threats, with both state adversaries and financially motivated criminals leveraging advanced tools and artificial intelligence to gain an edge.
During the past four years, the federal government has confirmed at least 20 network compromises linked to Beijing, indicating that China is the most sophisticated and active threat actor.
Recent incidents, such as the hack on WestJet in June that disrupted both the airline's internal systems and its mobile application, show the increasing pressure on Canada's critical infrastructure.
Initially discovered in May and confirmed to be actively exploited in late July, the SharePoint vulnerability can allow an attacker to execute code remotely and gain access to all SharePoint content, including sensitive configurations and internal file systems.
As Costis pointed out, many major organisations, including Google and the United States, have recently been breached as a result of vulnerabilities in Microsoft platforms like Exchange and SharePoint.
Several ransomware groups, including Salt Typhoon and Warlock, have reportedly exploited these vulnerabilities, targeting nearly 400 organisations worldwide.
The United States Cybersecurity and Infrastructure Security Agency (CISA) has also warned about the vulnerability, known as “ToolShell”. Earlier this month, the agency warned that the vulnerability could enable not only unauthenticated access to systems, but also authenticated access through network spoofing.
This type of exploit could allow attackers to take complete control of SharePoint environments, including file systems and internal configurations.
A Mandiant CEO, Charles Carmakal, emphasised on LinkedIn that applying Microsoft's security patch is not enough on its own and that organisations must also implement mitigation strategies to reduce the risk.
Microsoft reported in a July blog post that nation-state actors based in China, including Linen Typhoon, Violet Typhoon, and possibly Storm-2603, have been actively trying to exploit the vulnerability.
The group has historically targeted the intellectual property of governments, the defence sector, the human rights industry, strategic planning, higher education, as well as the media, finance, and health sectors throughout North America, Europe, and Asia.
According to Microsoft, Linen Typhoon is known for its "drive-by compromises" that exploit existing vulnerabilities, whereas Violet Typhoon constantly scans exposed web infrastructure to find weaknesses.
The House of Commons breach echoes a growing trend of security concerns linked to enterprise technologies that have been widely deployed in the past few years. As a result, government and corporate systems have become increasingly fragile.
Because Microsoft platforms are omnipresent, security analysts argue, they offer adversaries a high-value entry point whose exploitation can have far-reaching consequences.
The incident highlights the difficulty not only of safeguarding sensitive parliamentary data, but also of dealing with systemic risks that cross critical sectors such as aviation, healthcare, finance, and higher education.
Addressing these risks arguably requires not only timely patches and mitigations but also a cultural shift, one that integrates intelligence sharing, proactive threat hunting, and ongoing investment in cyber defence, along with the continued use of cyber defence technologies.
As global threat actors grow in strength and opportunity, the incident serves as a reminder that national institutions must be protected with vigilance that matches the sophistication and scale of their adversaries.