CRA loses taxpayer data to Heartbleed bug

Tax agency says 900 social insurance numbers compromised in online privacy breach

The Canada Revenue Agency says the social insurance numbers of 900 taxpayers were stolen last week by someone using the Heartbleed encryption vulnerability before the taxation agency shut down public access to its online services.

It happened over a six-hour period by someone exploiting the vulnerability in many supposedly secure websites that used an open-source encryption system.

The CRA said it will send registered letters to affected taxpayers and will not be emailing them because it doesn’t want fraudsters to use phishing schemes to further exploit the privacy breach.

“I want to express regret to Canadians for this service interruption,” CRA commissioner Andrew Treusch said. “I share the concern and dismay of those individuals whose privacy has been impacted by this malicious act.”

Other personal data and possibly businesses’ information may also have been lost.

“We are currently going through the painstaking process of analyzing other fragments of data, some that may relate to businesses, that were also removed,” Treusch said.

Taxpayers whose data was compromised will get bolstered CRA account protection and free access to credit protection services.

Canada’s Privacy Commissioner is also investigating.

Online services, including the E-file and Netfile online income tax portals, were patched and re-launched Sunday after what the CRA called a vigourous test to ensure they are safe and secure.

The CRA cut off access to those services April 8 as word spread that the Heartbleed bug had given hackers access to passwords, credit card numbers and other information at many websites.

People whose income tax filing was delayed by last week’s CRA interruption have been given until May 5 – beyond the usual April 30 filing deadline – to file returns without being penalized.

The Heartbleed vulnerability, which has existed for two years, compromised secure web browsing at some sites despite the display of a closed padlock that indicates an encrypted connection.

Just Posted

Second cannabis store in the works for Revelstoke

City Council approved a development variance permit for Revelsmoke Aug. 13

No public comments on Mackenzie Village development agreement amendments

Revelstoke City Council held a public hearing and heard one written comment and none in-person

Author of Emily Carr books coming to speak in Revelstoke

Laurie Carter will be at the Revelstoke library on Sept. 26

Photos: Railway Days at Revelstoke Railway Museum 2019

Today was Railway Days at the Revelstoke Railway Museum. There was food,… Continue reading

Festival goers at the 27th annual Roots and Blues Festival

The Observer asked: Where are you from and what brought you to the festival?

QUIZ: How much do you remember about Woodstock?

Weekend music festival in Bethel, New York, was held 50 years ago

U16 B.C. fastpitch team named national champs

Girls went undefeated at national tournament in Calgary

Summerland’s downtown has gone through numerous changes

Main Street has been commercial hub of community for many years

Advocates ‘internationalize’ the fight to free Raif Badawi from Saudi prison

Raif Badawi was arrested on June 17, 2012, and was later sentenced to 1,000 lashes and 10 years in jail for his online criticism of Saudi clerics

Okanagan climate advocacy group protests against Tolko

Group to demonstrate outside Vernon head office Monday over plan to log close to water supply

RCMP, search crews hunt for 4-year-old boy missing near Mackenzie

George went missing early Saturday afternoon

Okanagan Cultural Connections live venue tour kicks off in Vernon

Two dozen promoters, national booking agents, and music reps to visit venues from Vernon to Oliver

Most Read