The Canada Revenue Agency (CRA) headquarters Connaught Building is pictured in Ottawa on Monday, Aug. 17, 2020. THE CANADIAN PRESS/Sean Kilpatrick

CRA resumes online services with new security features after cyberattacks

All individuals affected by the cybersecurity breaches will receive a letter from the CRA

The Canada Revenue Agency has resumed all online services after fraudsters used thousands of pilfered usernames and passwords to obtain government services.

The agency disabled the services Saturday after discovering more than 5,000 accounts had been the target of three cyberattacks.

Online access to “My Business Account” resumed Monday and all others were brought back online Wednesday evening.

The agency says it regrets the impacts on Canadians and has modified all its security systems to protect against future cyberattacks.

All individuals affected by the cybersecurity breaches will receive a letter from the CRA explaining how to confirm their identity in order to protect and restore access to their account.

The agency urges everyone using its online services to update their accounts with unique passwords they don’t use for any other purpose.

It also recommends all CRA “My Account” users enable email notifications as an additional measure of security.

They can also opt to use a new security feature that will allow them to set up a unique personal identification number to open an account.

About 5,600 CRA accounts were targeted in what the CRA has described as “credential stuffing” schemes, in which hackers used passwords and usernames from other websites to access Canadians’ CRA accounts.

The first of three attacks last week took aim at the GCKey service, which is used by about 30 federal departments and allows Canadians to access services like the My Service Canada account.

By using the previously stolen usernames and passwords, the perpetrators were able to fraudulently acquire about 9,000 of the some 12 million GCKey accounts.

Separately, CRA’s system was hit by credential stuffing attacks. The perpetrators were able to use previously hacked credentials to access the CRA portal. They were also able to exploit a vulnerability that allowed them to bypass the CRA security questions and get into thousands more accounts.

In addition, the CRA portal was directly targeted with a large amount of traffic trying to attack the services through credential stuffing.

The Canadian Press

Canadacybersecurity

Get local stories you won't find anywhere else right to your inbox.
Sign up here

Just Posted

Overnight shutdown of Highway 1 at McKenzie interchange for sign installation

Traffic will be impacted in both directions, detour available

Wildfire smoke expected to blanket Greater Victoria again

Conditions expected to worsen Wednesday afternoon but not approach levels reached a few weeks ago

Canadian warship HCMS Regina sails past Sidney

The vessel recently returned from the world’s largest naval exercise

‘Bonnie’ and ‘Henry’ among latest litter of service dog puppies

B.C. Alberta Guide Dogs names two pups after provincial health officer

Former Victoria Royals manager celebrates Stanley Cup win

Grant Armstrong is now an amateur scout with Tampa Bay Lightning

Orange Shirt Society launches first textbook on residential school history

Phyllis Webstad and Joan Sorley worked on the 156-page book to help educate students

Metis pilot Teara Fraser profiled in new DC Comics graphic novel of women heroes

The Canadian pilot’s entry is titled: ‘Teara Fraser: Helping Others Soar’

Growing food sovereignty at Klemtu

Greenhouse and grow boxes help create circular food economy for Kitasoo/Xai’xais First Nations

Is it time to start thinking about greener ways to package cannabis?

Packaging suppliers are still figuring eco-friendly and affordable packaging options that fit the mandates of Cannabis Regulations

Join Black Press Media and Do Some Good

Pay it Forward program supports local businesses in their community giving

Horgan vows to replace B.C.’s shared senior care rooms in 10 years

$1.4 billion construction on top of staff raises, single-site work

More sex abuse charges laid against B.C. man who went by ‘Doctor Ray Gaglardi’

Investigators now focussing efforts on alleged victims within the Glad Tidings Church community

Orange Shirt Day lessons of past in today’s classrooms

Phyllis Webstad, who attended St. Joseph’s Mission Residential School in British Columbia, is credited for creating the movement

Most Read