CRA loses taxpayer data to Heartbleed bug

Tax agency says 900 social insurance numbers compromised in online privacy breach

The Canada Revenue Agency says the social insurance numbers of 900 taxpayers were stolen last week by someone using the Heartbleed encryption vulnerability before the taxation agency shut down public access to its online services.

It happened over a six-hour period by someone exploiting the vulnerability in many supposedly secure websites that used an open-source encryption system.

The CRA said it will send registered letters to affected taxpayers and will not be emailing them because it doesn’t want fraudsters to use phishing schemes to further exploit the privacy breach.

“I want to express regret to Canadians for this service interruption,” CRA commissioner Andrew Treusch said. “I share the concern and dismay of those individuals whose privacy has been impacted by this malicious act.”

Other personal data and possibly businesses’ information may also have been lost.

“We are currently going through the painstaking process of analyzing other fragments of data, some that may relate to businesses, that were also removed,” Treusch said.

Taxpayers whose data was compromised will get bolstered CRA account protection and free access to credit protection services.

Canada’s Privacy Commissioner is also investigating.

Online services, including the E-file and Netfile online income tax portals, were patched and re-launched Sunday after what the CRA called a vigourous test to ensure they are safe and secure.

The CRA cut off access to those services April 8 as word spread that the Heartbleed bug had given hackers access to passwords, credit card numbers and other information at many websites.

People whose income tax filing was delayed by last week’s CRA interruption have been given until May 5 – beyond the usual April 30 filing deadline – to file returns without being penalized.

The Heartbleed vulnerability, which has existed for two years, compromised secure web browsing at some sites despite the display of a closed padlock that indicates an encrypted connection.

Just Posted

IRM reports small sulphuric acid leak at Waneta reload

IRM states a small volume of less than one cup and three dime-sized drips were leaked from carrier

New farmers in Columbia Basin supported by land matching program

New and young farmers in the Basin are receiving support and services from a dedicated land matcher

Columbia Basin Trust offering business accelerator program

Trust seeking motivated companies for customized support and mentorship program

Trail military exercises provide crucial training

Exercise Sapper Crucible: ‘The nuts and bolts of what a soldier is’

VIDEO: SPCA ushers in new era with Castlegar facility

$2.69-million project had ribbon cutting on Friday

Environment Canada confirms Ottawa area hit by two tornadoes Friday

At one point more than 200,000 hydro customers were blacked out

B.C. students send books to displaced students of Hornby Island school fire

Maple Ridge elementary school teacher says students learned about acts of kindness

WHL: Kootenay Ice drop Calgary Hitmen 5-3 in home opener

Youth take centre stage as Kootenay explodes for three second-period goals

Trump drains oxygen from Trudeau foreign policy with PM, Freeland bound for UN

A lot has changed since the Liberals came to power in Canada in 2015

B.C. man fined $15,000, barred from trading securities for fraud

Larry Keith Davis used money from an investor to pay personal bills

Family, friends of B.C murder victim want killer sent back to max security facility

Group wants convicted murderer Walter Ramsay sent back to a maximum security facility

B.C. VIEWS: Looking under the hood of ICBC’s war on crashes

Is our accident rate really soaring, or is it inefficiency?

Most Read