The Office of the Conflict of Interest and Ethics Commissioner shut down its website and public registry on June 16, 2026, citing a potential security vulnerability, according to The Globe and Mail.

The registry is the primary public-facing instrument through which the commissioner's office fulfills its disclosure mandate under the Conflict of Interest Act and the Conflict of Interest Code for Members of the House of Commons. It holds the financial and asset disclosure statements of Cabinet ministers, ministerial staff, senators and MPs — the paper trail that lobbyists, journalists and opposition researchers rely on daily to track potential conflicts. Taking it offline, even briefly, removes that transparency layer from public view.

The commissioner's office has not disclosed what the vulnerability entailed, how long the site will remain down, or whether any data was accessed or compromised before the shutdown. Those details matter. A passive exposure — a misconfigured server visible to scanners but not actively exploited — carries a different set of consequences than an intrusion that touched the registry's underlying data. Until the office clarifies the nature of the incident, the severity cannot be assessed.

The timing is notable in one specific, procedural sense: the registry is a live instrument during periods of active government. Disclosures are filed on a rolling basis, and the commissioner's office is responsible for ongoing compliance monitoring. An extended outage would interrupt that workflow, even if the office continues to operate internally.

The shutdown also touches on a structural tension the commissioner's office has navigated since the Conflict of Interest Act came into force in 2007. The office is an independent Agent of Parliament — it does not report to the Prime Minister or Cabinet — but its operational budget and IT infrastructure are subject to the same procurement and security frameworks that govern other parliamentary and federal institutions. When a vulnerability emerges, the office must balance the obligation to maintain public access to disclosures against the obligation to protect the integrity of the registry itself. Pulling the site is the conservative call, and it is the right one if the alternative is leaving sensitive financial data exposed.

There is no indication at this stage that the vulnerability is linked to a targeted attack on the office specifically, as opposed to a broader scan or software flaw affecting shared government infrastructure. The distinction matters for how Parliament and the public should interpret the incident. The former would raise pointed questions about who might benefit from disrupting access to conflict-of-interest filings; the latter is a more routine, if still serious, IT security matter.

The commissioner's office is expected to restore the site once it has assessed and remediated the vulnerability. Until then, the registry — a foundational piece of federal accountability infrastructure — remains dark.