CRA loses taxpayer data to Heartbleed bug

Tax agency says 900 social insurance numbers compromised in online privacy breach

The Canada Revenue Agency says the social insurance numbers of 900 taxpayers were stolen last week by someone using the Heartbleed encryption vulnerability before the taxation agency shut down public access to its online services.

It happened over a six-hour period by someone exploiting the vulnerability in many supposedly secure websites that used an open-source encryption system.

The CRA said it will send registered letters to affected taxpayers and will not be emailing them because it doesn’t want fraudsters to use phishing schemes to further exploit the privacy breach.

“I want to express regret to Canadians for this service interruption,” CRA commissioner Andrew Treusch said. “I share the concern and dismay of those individuals whose privacy has been impacted by this malicious act.”

Other personal data and possibly businesses’ information may also have been lost.

“We are currently going through the painstaking process of analyzing other fragments of data, some that may relate to businesses, that were also removed,” Treusch said.

Taxpayers whose data was compromised will get bolstered CRA account protection and free access to credit protection services.

Canada’s Privacy Commissioner is also investigating.

Online services, including the E-file and Netfile online income tax portals, were patched and re-launched Sunday after what the CRA called a vigourous test to ensure they are safe and secure.

The CRA cut off access to those services April 8 as word spread that the Heartbleed bug had given hackers access to passwords, credit card numbers and other information at many websites.

People whose income tax filing was delayed by last week’s CRA interruption have been given until May 5 – beyond the usual April 30 filing deadline – to file returns without being penalized.

The Heartbleed vulnerability, which has existed for two years, compromised secure web browsing at some sites despite the display of a closed padlock that indicates an encrypted connection.

Just Posted

Egg buyers given more information, options in Greater Victoria stores

Partnership with BC SPCA launched the project in 2011

Victoria-based warship rescues two more sea turtles

HMCS Edmonton credited with a turtle rescue earlier in November

West Shore sees a decrease in drug trafficking reports

West Shore RCMP sees an increase in drug seizures

Algae bloom at Elk Lake prompts CRD advisory notice

Reappearance of blue-green algae lethal to dogs a constant concern for water quality

VIDEO: Ucluelet Aquarium surveying spread and threat of microplastics

“Plastics never actually go away, they break down to smaller and smaller pieces.”

Greater Victoria Crime Stoppers wanted list for the week of Nov. 20

Greater Victoria Crime Stoppers is seeking the public’s help in locating the… Continue reading

VIDEO: Ucluelet Aquarium surveying spread and threat of microplastics

“Plastics never actually go away, they break down to smaller and smaller pieces.”

POLL: Have you started your Christmas shopping yet?

The Christmas lights are twinkling and holiday music is playing in local… Continue reading

South Korean named Interpol president in blow to Russia

South Korea’s Kim Jong Yang was elected as Interpol’s president edging out a longtime veteran of Russia’s security services.

E. coli outbreak linked to romaine lettuce sickens 18 people in Ontario, Quebec

The Canadian Food Inspection Agency says it’s working with U.S. authorities to determine the source of the romaine lettuce those who got ill were exposed to.

Trump defies calls to punish crown prince for writer’s death

The U.S. earlier sanctioned 17 Saudi officials suspected of being responsible for or complicit in the Oct. 2 killing, but members of Congress have called for harsher actions, including cancelling arms sales.

British, EU leaders to meet as Brexit deadline looms

The U.K. and the European Union agreed last week on a 585-page document sealing the terms of Britain’s departure.

Richard Oland was killed ‘in a rage,’ prosecutor tells son’s murder trial

The verdict from Oland’s 2015 murder trial was set aside on appeal in 2016. Richard Oland, 69, was found dead in his Saint John office on July 7, 2011.

Most Read