CRA loses taxpayer data to Heartbleed bug

Tax agency says 900 social insurance numbers compromised in online privacy breach

The Canada Revenue Agency says the social insurance numbers of 900 taxpayers were stolen last week by someone using the Heartbleed encryption vulnerability before the taxation agency shut down public access to its online services.

It happened over a six-hour period by someone exploiting the vulnerability in many supposedly secure websites that used an open-source encryption system.

The CRA said it will send registered letters to affected taxpayers and will not be emailing them because it doesn’t want fraudsters to use phishing schemes to further exploit the privacy breach.

“I want to express regret to Canadians for this service interruption,” CRA commissioner Andrew Treusch said. “I share the concern and dismay of those individuals whose privacy has been impacted by this malicious act.”

Other personal data and possibly businesses’ information may also have been lost.

“We are currently going through the painstaking process of analyzing other fragments of data, some that may relate to businesses, that were also removed,” Treusch said.

Taxpayers whose data was compromised will get bolstered CRA account protection and free access to credit protection services.

Canada’s Privacy Commissioner is also investigating.

Online services, including the E-file and Netfile online income tax portals, were patched and re-launched Sunday after what the CRA called a vigourous test to ensure they are safe and secure.

The CRA cut off access to those services April 8 as word spread that the Heartbleed bug had given hackers access to passwords, credit card numbers and other information at many websites.

People whose income tax filing was delayed by last week’s CRA interruption have been given until May 5 – beyond the usual April 30 filing deadline – to file returns without being penalized.

The Heartbleed vulnerability, which has existed for two years, compromised secure web browsing at some sites despite the display of a closed padlock that indicates an encrypted connection.

Just Posted

‘She was awesome’: Malakwa baker leaves U.S. holiday show

‘There are Christmas miracles, look at me’

One year in, surgical pilot project at Revelstoke hospital going well

Starting in Dec. 2018 an additional day of surgeries each week was offered

Snowfall warning for Revelstoke

Up to 25 cm expected

Considerable avalanche danger near Revelstoke today

The mountains have received more than 40 cm this week

Highway 1 avalanche closure times decreasing around Revelstoke

According to the province, Highway 1 closures can cost $500,000 per hour

VIDEO: Federal Liberals’ throne speech welcomes opposition’s ideas

Trudeau will need NDP or Bloc support to pass legislation and survive confidence votes

Weak link in Sagmoen trial, defence says

Counsel questions whether search warrant police executed was obtained on reasonable grounds

VIDEO: John Lennon’s iconic Rolls Royce rolls into Vancouver Island college for checkup

Royal BC Museum, Camosun College and Coachwerks Restorations come together to care for car

North Okanagan MP says throne speech lacked specifics

‘Trudeau government presented a vague agenda,’: MP Mel Arnold

VIDEO: Rockslide closes part of Highway 93 in Fairmont Hot Springs

Geotechnical team called in to do an assessment after rocks fell from hoodoos

Petition calls for appeal of ex-Burns Lake mayor’s sentence for sex assault

Prosecution service says Luke Strimbold’s case is under review

Northwest B.C. wildlife shelter rescues particularly tiny bear cub

Shelter co-founder says the cub weighs less than a third of what it should at this time of year

Sicamous Eagles defeat Summerland Steam in overtime decision

Junior B hockey teams faced off in Summerland on Dec. 5

BC firefighters to help battle Australian bushfires

Canada sent 22 people, including 7 from B.C.

Most Read