CRA loses taxpayer data to Heartbleed bug

Tax agency says 900 social insurance numbers compromised in online privacy breach

The Canada Revenue Agency says the social insurance numbers of 900 taxpayers were stolen last week by someone using the Heartbleed encryption vulnerability before the taxation agency shut down public access to its online services.

It happened over a six-hour period by someone exploiting the vulnerability in many supposedly secure websites that used an open-source encryption system.

The CRA said it will send registered letters to affected taxpayers and will not be emailing them because it doesn’t want fraudsters to use phishing schemes to further exploit the privacy breach.

“I want to express regret to Canadians for this service interruption,” CRA commissioner Andrew Treusch said. “I share the concern and dismay of those individuals whose privacy has been impacted by this malicious act.”

Other personal data and possibly businesses’ information may also have been lost.

“We are currently going through the painstaking process of analyzing other fragments of data, some that may relate to businesses, that were also removed,” Treusch said.

Taxpayers whose data was compromised will get bolstered CRA account protection and free access to credit protection services.

Canada’s Privacy Commissioner is also investigating.

Online services, including the E-file and Netfile online income tax portals, were patched and re-launched Sunday after what the CRA called a vigourous test to ensure they are safe and secure.

The CRA cut off access to those services April 8 as word spread that the Heartbleed bug had given hackers access to passwords, credit card numbers and other information at many websites.

People whose income tax filing was delayed by last week’s CRA interruption have been given until May 5 – beyond the usual April 30 filing deadline – to file returns without being penalized.

The Heartbleed vulnerability, which has existed for two years, compromised secure web browsing at some sites despite the display of a closed padlock that indicates an encrypted connection.

Just Posted

Glimpses of Revelstoke’s past for Jan. 16

125 Years Ago: Kootenay Star, Jan. 13, 1894 Three feet of snow… Continue reading

LETTER: Traffic on Victoria Rd in Revelstoke

An MVA at Charles & Victoria earlier in December should be a… Continue reading

Balmy winter forecast for Okanagan-Shuswap

El Niño is anticipated to develop later this winter

Ontario band calls themselves Revelstoke

They say they were inspired by their favourite B.C. town

Grizzlies: Controlling what you can control

Revelstoke’s star goalies Liam McGarva and Noah Desouza talk pressure and focus

VIDEO: Car flies across median, flips over edge of B.C. overpass

Dash cam footage shows vehicle speeding across Brunette Avenue overpass in Coquitlam

Indigenous energy summit includes session on pipeline ownership options

Steven Saddleback of the Indian Resource Council says a session will feature presentations on financing models

Japanese grand champion Kisenosato retires from sumo

The 32-year-old Kisenosato was the first Japanese-born wrestler in 19 years to gain promotion to sumo’s highest rank

UPDATE: Accused B.C. high school killer found fit to stand trial

Gabriel Klein is accused in the 2016 stabbing death of Letisha Reimer at Abbotsford Senior Secondary

Right-wing, neo-Nazi, white supremacist groups an increasing concern: Goodale

Ten people died in April 2018 when Alek Minassian allegedly drove a rental van down the busy stretch in Toronto

Canadian stock exchanges to conduct lottery for ‘POT’ ticker amid high demand

The symbol became available after fertilizer Potash Corp. officially merged with Agrium Inc. in early 2018

Millennial Money: Don’t let Instagram envy get you into debt

A full 48 per cent of U.S. households have credit card debt

Jury debates fate of man accused of killing 12-year-old B.C. girl 40 years ago

Police allege Garry Handlen told a cop how he abducted, sexually assaulted and strangled Monica Jack in May 1978

Most Read