CRA loses taxpayer data to Heartbleed bug

Tax agency says 900 social insurance numbers compromised in online privacy breach

The Canada Revenue Agency says the social insurance numbers of 900 taxpayers were stolen last week by someone using the Heartbleed encryption vulnerability before the taxation agency shut down public access to its online services.

It happened over a six-hour period by someone exploiting the vulnerability in many supposedly secure websites that used an open-source encryption system.

The CRA said it will send registered letters to affected taxpayers and will not be emailing them because it doesn’t want fraudsters to use phishing schemes to further exploit the privacy breach.

“I want to express regret to Canadians for this service interruption,” CRA commissioner Andrew Treusch said. “I share the concern and dismay of those individuals whose privacy has been impacted by this malicious act.”

Other personal data and possibly businesses’ information may also have been lost.

“We are currently going through the painstaking process of analyzing other fragments of data, some that may relate to businesses, that were also removed,” Treusch said.

Taxpayers whose data was compromised will get bolstered CRA account protection and free access to credit protection services.

Canada’s Privacy Commissioner is also investigating.

Online services, including the E-file and Netfile online income tax portals, were patched and re-launched Sunday after what the CRA called a vigourous test to ensure they are safe and secure.

The CRA cut off access to those services April 8 as word spread that the Heartbleed bug had given hackers access to passwords, credit card numbers and other information at many websites.

People whose income tax filing was delayed by last week’s CRA interruption have been given until May 5 – beyond the usual April 30 filing deadline – to file returns without being penalized.

The Heartbleed vulnerability, which has existed for two years, compromised secure web browsing at some sites despite the display of a closed padlock that indicates an encrypted connection.

Just Posted

UPDATE: Incident along train tracks shuts down Eagle Landing Parkway for several hours

The Chilliwack Progress has reached out to RCMP for further details

VIDEO: Fire destroys Chilliwack home on Bearstone Place

RCMP comfirm everyone got out of the house safely during Saturday morning fire

PHOTOS: Sasquatch Days about ‘being proud of being Sts’ailes’

The joint event between Harrison and Sts’ailes returned to the village for its eighth year

UPDATE: Highway 1 reopened after crash near Prest Road

The early morning incident involved a semi and a flagging truck

Three Albertans land ‘monster’ sturgeon in Fraser River

For angler who landed the exceptionally large sturgeon it was an ‘incredible dream come true’

10 facts about Father’s Day

Did you know that the special day for dads was first celebrated in 1910?

Pride flag taken down by Township of Langley

Woman said she was told it was removed from her front yard because of a complaint

Cyclists competing in one of the toughest bike races on the planet pass through Fernie

Divide riders looking strong as they finish first leg of 4160 km race

You might not know these B.C. records are public

Hired a lawyer to file a civil claim? Those are published online

B.C. bus driver loses case to get job back after texting while driving full bus

An arbitator ruled that Tim Wesman’s phone usage was a “a reckless disregard for public safety”

Revamped B.C. Lions set to battle veteran Winnipeg Blue Bombers

The Lions’ first test of the season will be a big one

No business case for Trans Mountain expansion, says former environment minister

Cabinet is expected to announce its decision on the expansion of the Alberta-to-B.C. pipeline by Tuesday

LETTER: British Columbia’s forest industry crisis being made worse

Andrew Wilkinson warns of regulatory overload by John Horgan’s NDP

Convicted B.C. child abductor Randall Hopley back in custody 6 months after release

Correctional Services Canada could not provide further details due to privacy concerns

Most Read