CRA loses taxpayer data to Heartbleed bug

Tax agency says 900 social insurance numbers compromised in online privacy breach

The Canada Revenue Agency says the social insurance numbers of 900 taxpayers were stolen last week by someone using the Heartbleed encryption vulnerability before the taxation agency shut down public access to its online services.

It happened over a six-hour period by someone exploiting the vulnerability in many supposedly secure websites that used an open-source encryption system.

The CRA said it will send registered letters to affected taxpayers and will not be emailing them because it doesn’t want fraudsters to use phishing schemes to further exploit the privacy breach.

“I want to express regret to Canadians for this service interruption,” CRA commissioner Andrew Treusch said. “I share the concern and dismay of those individuals whose privacy has been impacted by this malicious act.”

Other personal data and possibly businesses’ information may also have been lost.

“We are currently going through the painstaking process of analyzing other fragments of data, some that may relate to businesses, that were also removed,” Treusch said.

Taxpayers whose data was compromised will get bolstered CRA account protection and free access to credit protection services.

Canada’s Privacy Commissioner is also investigating.

Online services, including the E-file and Netfile online income tax portals, were patched and re-launched Sunday after what the CRA called a vigourous test to ensure they are safe and secure.

The CRA cut off access to those services April 8 as word spread that the Heartbleed bug had given hackers access to passwords, credit card numbers and other information at many websites.

People whose income tax filing was delayed by last week’s CRA interruption have been given until May 5 – beyond the usual April 30 filing deadline – to file returns without being penalized.

The Heartbleed vulnerability, which has existed for two years, compromised secure web browsing at some sites despite the display of a closed padlock that indicates an encrypted connection.

Just Posted

Shuswap refugee family settles into new, more hopeful life

Father of 10th Syrian family to come to Salmon Arm says learning English, work, top priorities

UPDATE: Preliminary inquiry for Sagmoen continues in Vernon

Sagmoen, whose charges were split into three separate matters, has been in custody since Oct. 2017

Salmon Arm Silverbacks rally to beat Vernon Vipers

Overtime goal lifts home team to 4-3 B.C. Hockey League win Sunday afternoon in the Shuswap

Voter turnout rises in Salmon Arm and Sicamous municipal elections

A greater percentage of voters made it to the polls on Saturday than they did in 2014.

Mayoral results from across B.C.

Voters in 162 municipalities in B.C. set to elect mayor, council, school board and more

B.C. sailor surprised by humpback whale playing under her boat

Jodi Klahm-Kozicki said the experience was ‘magical’ near Denman Island

Ovechkin has 4 points as Caps rough up Canucks 5-2

WATCH: Defending champs pick up impressive win in Vancouver

World Junior Hockey fever hits Vernon

Vipers spice up floor ball demonstration at OK Landing School

RCMP seek missing Vernon man

Michael Ramsey, 49, was last seen Oct. 21

B.C. government moves to tighten resource industry regulations

New superintendent will oversee engineers, biologists, foresters

Election watchdog seeks digitally savvy specialists to zero in on threats

Move follows troublesome evidence of online Russian interference in the 2016 U.S. election

More court before Dutch man charged in Amanda Todd case is extradited here

Appeals must be dealt with in Europe, before charges faced in B.C.

Most Read