CRA loses taxpayer data to Heartbleed bug

Tax agency says 900 social insurance numbers compromised in online privacy breach

The Canada Revenue Agency says the social insurance numbers of 900 taxpayers were stolen last week by someone using the Heartbleed encryption vulnerability before the taxation agency shut down public access to its online services.

It happened over a six-hour period by someone exploiting the vulnerability in many supposedly secure websites that used an open-source encryption system.

The CRA said it will send registered letters to affected taxpayers and will not be emailing them because it doesn’t want fraudsters to use phishing schemes to further exploit the privacy breach.

“I want to express regret to Canadians for this service interruption,” CRA commissioner Andrew Treusch said. “I share the concern and dismay of those individuals whose privacy has been impacted by this malicious act.”

Other personal data and possibly businesses’ information may also have been lost.

“We are currently going through the painstaking process of analyzing other fragments of data, some that may relate to businesses, that were also removed,” Treusch said.

Taxpayers whose data was compromised will get bolstered CRA account protection and free access to credit protection services.

Canada’s Privacy Commissioner is also investigating.

Online services, including the E-file and Netfile online income tax portals, were patched and re-launched Sunday after what the CRA called a vigourous test to ensure they are safe and secure.

The CRA cut off access to those services April 8 as word spread that the Heartbleed bug had given hackers access to passwords, credit card numbers and other information at many websites.

People whose income tax filing was delayed by last week’s CRA interruption have been given until May 5 – beyond the usual April 30 filing deadline – to file returns without being penalized.

The Heartbleed vulnerability, which has existed for two years, compromised secure web browsing at some sites despite the display of a closed padlock that indicates an encrypted connection.

Just Posted

Local cadets gain acceptance to RMC

Military careers one step closer

New Star Cinema project approved

Cameo development gets unanimous council thumbs up

Stelly’s sidewalk gets green light

Federal funding brings project to fruition

Witnesses sought for alleged drunk driver crash in Sidney

Crash happened June 16 on East Saanich Rd. and Canora Dr.

Fake crash warns students about real consequences

Saanich Peninsula emergency crews warn against distracted driving

Victoria Ska and Reggae Fest fills harbour with music

Music festival wraps with free party Sunday at Ship Point

5 fun things to do this weekend in Greater Victoria

Victoria Ska and Reggae Fest, Ride Don’t Hide, Cordova Bay Day and more

Jogger spent two weeks in U.S. detention centre after accidentally crossing B.C. border

Cedella Roman, 19, crossed the border while out for a run

B.C. woman with severely disabled son keeps getting parking tickets

‘There has to be something they could do’

Man brandishes axe during robbery

Mounties were able to locate the suspect within two hours of the incident

‘Creep off’ reporting system aims to track street harassment in Metro Vancouver

Text-based hotline launches to collect public reports on where and when harassment occurs

Happy ending for orphaned bear cubs

Two orphaned bear cubs were captured in Castlegar and sent for rehabilitation.

10 feet from home: B.C. grassfire offers stark reminder how quickly blazes burn

Kamloops woman among first people in B.C. to be told to evacuate home this wildfire season

B.C. man (pick up truck, Lucky Beer poster, and all) revels in return to Esquimalt

Rear-Admiral Bob Auchterlonie assumed command of the Maritime Forces Pacific

Most Read