Supply chain
β Supply Chain
Employment and Social Development Canada (ESDC) Third-Party Breach (September 2025)
Primary Source βIncident Details
In 2025, Employment and Social Development Canada (ESDC) experienced a data security incident via a
third-party vendor relationship. The compromised third-party vendor was 2Keys Corporation. Source reporting:
https://www.canada.ca/en/treasury-board-secretariat/news/2025/09/statement-from-the-office-of-the-chief-information-officer-of-the-government-of-canada-on-data-security-incident.html
Technical Details
- Initial Attack Vector
- Compromise of third-party service provider / vendor relationship
- Vendor / Product
- 2Keys Corporation
- Supply Chain Attack
- β Confirmed third-party / vendor compromise
Timeline
- 2025-09-01 Breach occurred
- 2025-09-01 Publicly disclosed