CRA loses taxpayer data to Heartbleed bug

Tax agency says 900 social insurance numbers compromised in online privacy breach

The Canada Revenue Agency says the social insurance numbers of 900 taxpayers were stolen last week by someone using the Heartbleed encryption vulnerability before the taxation agency shut down public access to its online services.

It happened over a six-hour period by someone exploiting the vulnerability in many supposedly secure websites that used an open-source encryption system.

The CRA said it will send registered letters to affected taxpayers and will not be emailing them because it doesn’t want fraudsters to use phishing schemes to further exploit the privacy breach.

“I want to express regret to Canadians for this service interruption,” CRA commissioner Andrew Treusch said. “I share the concern and dismay of those individuals whose privacy has been impacted by this malicious act.”

Other personal data and possibly businesses’ information may also have been lost.

“We are currently going through the painstaking process of analyzing other fragments of data, some that may relate to businesses, that were also removed,” Treusch said.

Taxpayers whose data was compromised will get bolstered CRA account protection and free access to credit protection services.

Canada’s Privacy Commissioner is also investigating.

Online services, including the E-file and Netfile online income tax portals, were patched and re-launched Sunday after what the CRA called a vigourous test to ensure they are safe and secure.

The CRA cut off access to those services April 8 as word spread that the Heartbleed bug had given hackers access to passwords, credit card numbers and other information at many websites.

People whose income tax filing was delayed by last week’s CRA interruption have been given until May 5 – beyond the usual April 30 filing deadline – to file returns without being penalized.

The Heartbleed vulnerability, which has existed for two years, compromised secure web browsing at some sites despite the display of a closed padlock that indicates an encrypted connection.

Just Posted

International film series returns to Chilliwack this fall

The Chilliwack International Fall Film Series at Cottonwood 4 Cinemas runs Oct. 2 to Nov. 6

Grand opening of Molson Coors Fraser Valley Brewery at Chilliwack cause for celebration

Ribbon-cutting with dignitaries, Molson brass and family marked the official grand opening

Two more on witness stand accuse former Chilliwack youth leader of sexual touching

BC Supreme Court justice rules similar fact evidence allowed in trial of Codie Anderson

East Coast comedian Ron James bringing ‘Full Throttle Tour’ to Chilliwack Cultural Centre

James is at work on the first draft of his first book, ‘All Over the Map’

Multiple accidents on Highway 1 slowing morning commutes

One accident just past 232 Street in Langley, second is just East of Bradner Street in Abbotsford

VIDEO: Drone footage documents work to free salmon at Big Bar landslide

Video shows crews working to remove rocks and wood, and transporting salmon by helicopter

Defense says burden of proof not met in double murder case against Victoria father

Closing statements begin in trial for man accused of killing daughters Christmas 2017

B.C. dog breeder banned again after 46 dogs seized

The SPCA seized the animals from Terry Baker, 66, in February 2018

Surrey mom allegedly paid $400,000 for son in U.S. college bribery scam

Xiaoning Sui, 48, was arrested in Spain on Monday night

Three dogs found shot dead in Prince George ditch

The three adult dogs appeared to be well cared for before being found with gunshot wounds, BC SPCA says

Vancouver police could be using drones to fight crime by end of year

The police department has already purchased three drones, as well as three others for training

B.C. party bus company to be monitored after 40 intoxicated teens found onboard

Police received tip teens and young adults were drinking on party buses and limousines in Surrey

B.C. cabinet minister denies that Surrey mayor’s friend attended government meeting

Surrey councillor questions Vancouver businessman Bob Cheema’s involvement in official meeting

Rick Mercer calls out Conservative candidate in B.C. for fake meme

‘Not true. All fake. Please Stop,’ tweeted Rick Mercer in response

Most Read