CRA loses taxpayer data to Heartbleed bug

Tax agency says 900 social insurance numbers compromised in online privacy breach

The Canada Revenue Agency says the social insurance numbers of 900 taxpayers were stolen last week by someone using the Heartbleed encryption vulnerability before the taxation agency shut down public access to its online services.

It happened over a six-hour period by someone exploiting the vulnerability in many supposedly secure websites that used an open-source encryption system.

The CRA said it will send registered letters to affected taxpayers and will not be emailing them because it doesn’t want fraudsters to use phishing schemes to further exploit the privacy breach.

“I want to express regret to Canadians for this service interruption,” CRA commissioner Andrew Treusch said. “I share the concern and dismay of those individuals whose privacy has been impacted by this malicious act.”

Other personal data and possibly businesses’ information may also have been lost.

“We are currently going through the painstaking process of analyzing other fragments of data, some that may relate to businesses, that were also removed,” Treusch said.

Taxpayers whose data was compromised will get bolstered CRA account protection and free access to credit protection services.

Canada’s Privacy Commissioner is also investigating.

Online services, including the E-file and Netfile online income tax portals, were patched and re-launched Sunday after what the CRA called a vigourous test to ensure they are safe and secure.

The CRA cut off access to those services April 8 as word spread that the Heartbleed bug had given hackers access to passwords, credit card numbers and other information at many websites.

People whose income tax filing was delayed by last week’s CRA interruption have been given until May 5 – beyond the usual April 30 filing deadline – to file returns without being penalized.

The Heartbleed vulnerability, which has existed for two years, compromised secure web browsing at some sites despite the display of a closed padlock that indicates an encrypted connection.

Just Posted

Armed Forces in town, new fire near Cherryville

Area restrictions expanded, firefighters equipment stolen

City of Revelstoke and CSRD reach fire protection agreement

A new fire protection agreement has been negotiated between the City of… Continue reading

Cost to Revelstoke taxpayers as well as developers affected by proposed bylaw

If the tabled Development Cost Charge bylaw is passed sewer user costs will increase dramatically

Glimpses of Revelstoke’s past-Aug. 15

Cathy English Revelstoke Museum & Archives Glimpses of the Past - Items… Continue reading

‘Art Alleries’ coming to Revelstoke with funding from the Columbia Basin Trust

Rob Buchanan’s creations will be hung on alleyway walls and lit

B.C. wildfires 2018: Hazy skies impacting crews in spotting new fires

18,000 people are on an evacuation alert, with 3,000 homes under an evacuation order

Minister optimistic after 2 days of Columbia River Treaty negotiations

Canadian and U.S. officials met in Nelson Wednesday and Thursday to discuss future of the treaty

Man dies in B.C. police cell while awaiting court hearing

An independent investigation is underway after a man died while in Penticton police custody Aug. 16

RCMP appeal for tips, dashcam footage in German tourist shooting west of Calgary

The Durango crashed into the ditch after the shooting near the Goodstoney Rodeo Centre

2 nurses attacked at B.C. psych hospital, union calls for in-unit security

PHSA says that in-unit guards would do more harm than good

Former Shuswap optician won’t be jailed for sexually assaulting minor

Kenneth Pilkington sentenced to 24 months’ probation for offence three decades ago

Kelowna developer warns home buyers to look at more than the price tag

Kelowna developer Jeffrey Anderson wants first-time homeowners to look at more than the price tag.

Red Cross now accepting donations for those impacted by B.C. wildfires

The Canadian Red Cross is asking for help now and in the weeks and months ahead.

B.C. program to educate parents reduces ‘shaken baby syndrome’ by 35%

Period of PURPLE Crying was launched nearly a decade ago

Most Read