Parliamentarians: Know how to manage an account compromise

A compromise of your social media or email account has serious implications.

If you think your email or social media accounts have been breached, you should immediately contact your IT security officer. Depending on the nature of the suspected compromise, your IT security officer could be a House of Commons employee, your departmental security officer or your political party chief information officer.

If you don’t know who to call, you can contact the Cyber Centre. We can assist you, as appropriate, and help guide you through the next steps.

We suggest the following measures to manage the compromise of your account.

Take action to regain control of the compromised account

  • Report the compromise to the social media or email provider. Most providers have mechanisms (web links or contact numbers) to report compromised accounts.
  • Change your password to something new, strong and unique. Better yet, use a passphrase.
  • Check your personal information in your account profile. If any information has been changed, re-enter the correct information, such as recovery email address and phone number or security questions.
  • Report the breach to the local police.

Assess and contain the breach

  • For social media platforms, delete any information posted by the threat actor once you regain control.
  • Assess what information may be at risk from the suspected compromise (for example personal, financial or official information).
  • Consider advising your bank or others who may need to be aware of exposed information.
  • Consult a campaign communications advisor.
  • If you used the same password for other accounts, change it immediately. A threat actor may use it to access those accounts.
  • Verify which apps and devices are connected to your account.

Make yourself a harder target

  • Use unique passwords and passphrases for each account or app.
  • Enable multi-factor authentication to add an extra layer of protection to your accounts.
  • Enable account notifications to receive an email when someone logs into your account from an unexpected device.
  • Adjust your privacy settings, as needed.
  • Be suspicious of unsolicited or unusual emails, direct messages or texts/SMS.
  • Do not click through embedded links in emails or other messages unless you are certain you can trust the sender. Consider using your web browser to visit the proposed site instead.
  • Delete unused social media or email accounts.
  • Update your apps regularly to ensure security patches are in place.
  • Use only a trusted device to access your online accounts. Untrusted devices such as hotel business stations may be infected with malware designed to capture sensitive information.