CRA loses taxpayer data to Heartbleed bug

Tax agency says 900 social insurance numbers compromised in online privacy breach

The Canada Revenue Agency says the social insurance numbers of 900 taxpayers were stolen last week by someone using the Heartbleed encryption vulnerability before the taxation agency shut down public access to its online services.

It happened over a six-hour period by someone exploiting the vulnerability in many supposedly secure websites that used an open-source encryption system.

The CRA said it will send registered letters to affected taxpayers and will not be emailing them because it doesn’t want fraudsters to use phishing schemes to further exploit the privacy breach.

“I want to express regret to Canadians for this service interruption,” CRA commissioner Andrew Treusch said. “I share the concern and dismay of those individuals whose privacy has been impacted by this malicious act.”

Other personal data and possibly businesses’ information may also have been lost.

“We are currently going through the painstaking process of analyzing other fragments of data, some that may relate to businesses, that were also removed,” Treusch said.

Taxpayers whose data was compromised will get bolstered CRA account protection and free access to credit protection services.

Canada’s Privacy Commissioner is also investigating.

Online services, including the E-file and Netfile online income tax portals, were patched and re-launched Sunday after what the CRA called a vigourous test to ensure they are safe and secure.

The CRA cut off access to those services April 8 as word spread that the Heartbleed bug had given hackers access to passwords, credit card numbers and other information at many websites.

People whose income tax filing was delayed by last week’s CRA interruption have been given until May 5 – beyond the usual April 30 filing deadline – to file returns without being penalized.

The Heartbleed vulnerability, which has existed for two years, compromised secure web browsing at some sites despite the display of a closed padlock that indicates an encrypted connection.

Just Posted

More buoys allowed for Brentwood Bay

Proposed number rises from 40 to 60

Victoria airport reaches nearly two million passengers in 2017

This year expected to see additional growth

Peninsula speed skating duo aiming for the national stage

Pair opted to train in long track skating this season for the first time

Tent city resident just wants a home

Roving tent city has made its way to Central Saanich

Island Health, service providers meeting to talk about used needles in Victoria

Recent public needle-prick incidents prompt call to reduce number of needles found

Sidney’s Salish Sea aquarium to close for maintenance

First extended closure for the Shaw Centre for the Salish Sea since it opened in 2009

Butchart Gardens is hiring now and paying more

Wages start at $15, job fair Feb. 20

Cash still needed for Stelly’s Cross Path

MLA Olsen wants more specifics first

Injured parachutist wants stolen backpack back

Bag contained important video files of 2017 parachuting incident

Body discovered in burnt out car near Trail

Police report a body was found in the burnt out trunk of a 1999 Honda Civic

VIDEO: B.C. Lions sign defensive back T.J. Lee to contract for upcoming season

The four-year veteran had a team-high four interceptions and 49 tackles last season with B.C.

How an immigrant to Canada helped Donald Trump prove his mental health

Test that cleared Trump was developed by doctor associated with McGill and Sherbrooke universities

Premier touches on multiple topics ahead of Asia trade trip

Housing and childcare are expected to be the focus of the BC NDP’s first budget in February.

Wanted by Greater Victoria Crime Stoppers for the week of Jan. 16

Greater Victoria Crime Stoppers is seeking the public’s help in locating the… Continue reading

Most Read