CRA loses taxpayer data to Heartbleed bug

Tax agency says 900 social insurance numbers compromised in online privacy breach

The Canada Revenue Agency says the social insurance numbers of 900 taxpayers were stolen last week by someone using the Heartbleed encryption vulnerability before the taxation agency shut down public access to its online services.

It happened over a six-hour period by someone exploiting the vulnerability in many supposedly secure websites that used an open-source encryption system.

The CRA said it will send registered letters to affected taxpayers and will not be emailing them because it doesn’t want fraudsters to use phishing schemes to further exploit the privacy breach.

“I want to express regret to Canadians for this service interruption,” CRA commissioner Andrew Treusch said. “I share the concern and dismay of those individuals whose privacy has been impacted by this malicious act.”

Other personal data and possibly businesses’ information may also have been lost.

“We are currently going through the painstaking process of analyzing other fragments of data, some that may relate to businesses, that were also removed,” Treusch said.

Taxpayers whose data was compromised will get bolstered CRA account protection and free access to credit protection services.

Canada’s Privacy Commissioner is also investigating.

Online services, including the E-file and Netfile online income tax portals, were patched and re-launched Sunday after what the CRA called a vigourous test to ensure they are safe and secure.

The CRA cut off access to those services April 8 as word spread that the Heartbleed bug had given hackers access to passwords, credit card numbers and other information at many websites.

People whose income tax filing was delayed by last week’s CRA interruption have been given until May 5 – beyond the usual April 30 filing deadline – to file returns without being penalized.

The Heartbleed vulnerability, which has existed for two years, compromised secure web browsing at some sites despite the display of a closed padlock that indicates an encrypted connection.

Just Posted

O’Reilly trial scheduled to start January 15 for Anahim Lake murders

O’Reilly is charged with first-degree murder

School District 49 to re-open Nusatsum Elementary in September 2018

SD49 says increasing enrollment is driving its decision to re-open the school

Red Cross funding available to local residents of Bella Coola and Hagensborg

The Red Cross is administering up to $900 in initial funding to help assist Bella Coola Valley residents

B.C. boy denied $19,000-per-month drug to ease ‘crippling pain’ for 3rd time

Sooke mom Jillian Lanthier says son Landen Alexa has been forgotten about by Premier John Horgan

Diplomacy on agenda at North Korea summit in Vancouver

Foreign ministers from 20 countries are meeting Tuesday to discuss security and stability on the Korean Peninsula.

Kids chained in Calif. house of horrors; parents arrested

Authorities say an emaciated teenager led deputies to home where her 12 brothers and sisters were locked up in filthy conditions

‘Reprehensible’: Trudeau abortion policy raises ire of U.S. right

“This man is reprehensible,” tweeted former White House staffer Sebastian Gorka

‘I shouldn’t have to have a husband:’ Winnipeg woman criticizes men-only club

Jodi Moskal discovered the Winnipeg Squash Racquet Club continues to ban women as members, as it has done since opening in 1909.

Japan public TV sends mistaken North Korean missile alert

The false alarm came two days after Hawaii’s emergency management department sent a mistaken warning

Toronto girl dies after being pinned between vehicles while picked up from school

Police say an SUV with no driver in it rolled forward and pinned the girl against her father’s car

Senior randomly stabbed in B.C. mall food court

Woman arrested after victim, 71, suffers serious injuries

B.C. Liberal hopefuls begin final leadership push

Five MLAs, one outsider pitch policies to party members

Most Read