CRA loses taxpayer data to Heartbleed bug

Tax agency says 900 social insurance numbers compromised in online privacy breach

The Canada Revenue Agency says the social insurance numbers of 900 taxpayers were stolen last week by someone using the Heartbleed encryption vulnerability before the taxation agency shut down public access to its online services.

It happened over a six-hour period by someone exploiting the vulnerability in many supposedly secure websites that used an open-source encryption system.

The CRA said it will send registered letters to affected taxpayers and will not be emailing them because it doesn’t want fraudsters to use phishing schemes to further exploit the privacy breach.

“I want to express regret to Canadians for this service interruption,” CRA commissioner Andrew Treusch said. “I share the concern and dismay of those individuals whose privacy has been impacted by this malicious act.”

Other personal data and possibly businesses’ information may also have been lost.

“We are currently going through the painstaking process of analyzing other fragments of data, some that may relate to businesses, that were also removed,” Treusch said.

Taxpayers whose data was compromised will get bolstered CRA account protection and free access to credit protection services.

Canada’s Privacy Commissioner is also investigating.

Online services, including the E-file and Netfile online income tax portals, were patched and re-launched Sunday after what the CRA called a vigourous test to ensure they are safe and secure.

The CRA cut off access to those services April 8 as word spread that the Heartbleed bug had given hackers access to passwords, credit card numbers and other information at many websites.

People whose income tax filing was delayed by last week’s CRA interruption have been given until May 5 – beyond the usual April 30 filing deadline – to file returns without being penalized.

The Heartbleed vulnerability, which has existed for two years, compromised secure web browsing at some sites despite the display of a closed padlock that indicates an encrypted connection.

Just Posted

Revelstoke roads and weather: mix of sun and cloud

Heavy rains have destabilized the snowpack. Be careful in the backcountry

Future of heli-skiing unknown with caribou recovery plans

CMH presented to Revelstoke city council this month to outline its impact on the community

Support for Penticton shooting victim

A GoFundMe has been started for one of the four people killed April 15

Annual Nk’maplqs Challenge Cup returns easter weekend

The goal of the Vernon-based event is to revitalize the game and the tradition of an all-native hockey tournament in the Interior.

Home Hardware to give away free Reusable Shopping Bags in honour of Earth Day

“We feel we have a responsibility to keep our ecological footprint as small as possible”

B.C. RCMP receive application for Police Cat Services

RCMP announced the launch of the Police Cat Services unit as an April fools joke

Shuswap dancer stays across street from Penticton shooting day after Salmon Arm tragedy

Dancers come for festival, put in lockdown in rec centre, watch police response from Airbnb window

Kirkland Signature veggie burgers recalled due to possible metal fragments

Recalled products came in 1.7 kg packages with a best before date of Apr. 23, 2019

Chaos at the ferry terminal for people heading from Vancouver to the Island

Easter crowds create backlog at Tsawwassen ferry terminal

COLUMN: Bunnies, sexuality and the freedom to read

A book about a gay bunny has been the subject of challenges

Vernon-raised BC Was Awesome producer returns home for filming of episode

The topic of this Vernon-featured episode has not yet been revealed.

Parents of 13 who tortured children get life after hearing victims

One of their daughters fled their home and pleaded for help to a 911 operator

Most Read