Alternate format: Parliamentarians: So you think you’ve been hacked? What to do... (PDF, 168 KB)
A compromise of your social media or email account has serious implications.
If you think your email or social media accounts have been breached, you should follow the steps below and contact your IT security officer. Depending on the nature of the suspected compromise, your IT security officer could be with the House of Commons (HoC). It could also be your Departmental Security Officer (DSO) or your political party's Chief Information Officer (CIO). If you are not certain whom to call, you can reach out to the Canadian Centre for Cyber Security (Cyber Centre) and we can assist, as appropriate, and help guide you through the next steps.
If you believe your social media or email account has been compromised, you should:

Take Action to Regain Control of the Compromised Account
- Report the compromise to the social media or email provider. Follow on-screen instructions in the ‘forgot my account’ or ‘account recovery’ page.
- Change your password. Make sure it is unique, unusual and complex.
- Check your personal information in your account profile. If any information has been changed, re-enter the correct information, such as recovery email address and phone number, or security questions.
- Report the breach to the local police.

Assess and Contain the Breach
- For social media platforms, delete any posts that aren’t yours.
- Assess what information may be at risk from the suspected compromise, e.g. personal, financial or official information.
- Consider advising your bank or others who may need to be aware of exposed information.
- If you used the same password for other accounts, change your password for each of the other accounts to one that is unique, unusual and complex.

Make Yourself a Hard Target to Avoid Compromise
- Always use unique, unusual and complex passwords for each account or app. Password managers can help keep track of your passwords.
- Enable two-factor authentication to confirm your identity during login attempts. Consider using a hardware token as an extra security measure.
- Enable account notifications to receive an email when someone logs into your account from an unexpected device.
- Review your privacy settings.
- Create security questions for which the answers are not publicly available information (e.g. college roommate’s hometown).
- Be suspicious of unsolicited or unusual emails, direct messages or texts/SMS.
- Do not click through embedded links in emails or other messages unless you are certain the sender is trusted. Consider using your web browser to visit the proposed site directly instead of following the link.
- Verify which apps and devices are connected to your account.
- Delete unused social media or email accounts.
- Update your apps regularly to ensure updated security patches are in place.
- Don’t access your account from unprotected public Wi-Fi services or business stations.