CRA loses taxpayer data to Heartbleed bug

Tax agency says 900 social insurance numbers compromised in online privacy breach

The Canada Revenue Agency says the social insurance numbers of 900 taxpayers were stolen last week by someone using the Heartbleed encryption vulnerability before the taxation agency shut down public access to its online services.

It happened over a six-hour period by someone exploiting the vulnerability in many supposedly secure websites that used an open-source encryption system.

The CRA said it will send registered letters to affected taxpayers and will not be emailing them because it doesn’t want fraudsters to use phishing schemes to further exploit the privacy breach.

“I want to express regret to Canadians for this service interruption,” CRA commissioner Andrew Treusch said. “I share the concern and dismay of those individuals whose privacy has been impacted by this malicious act.”

Other personal data and possibly businesses’ information may also have been lost.

“We are currently going through the painstaking process of analyzing other fragments of data, some that may relate to businesses, that were also removed,” Treusch said.

Taxpayers whose data was compromised will get bolstered CRA account protection and free access to credit protection services.

Canada’s Privacy Commissioner is also investigating.

Online services, including the E-file and Netfile online income tax portals, were patched and re-launched Sunday after what the CRA called a vigourous test to ensure they are safe and secure.

The CRA cut off access to those services April 8 as word spread that the Heartbleed bug had given hackers access to passwords, credit card numbers and other information at many websites.

People whose income tax filing was delayed by last week’s CRA interruption have been given until May 5 – beyond the usual April 30 filing deadline – to file returns without being penalized.

The Heartbleed vulnerability, which has existed for two years, compromised secure web browsing at some sites despite the display of a closed padlock that indicates an encrypted connection.

Just Posted

Don’t let mosquitoes take a bite out of summer enjoyment

Tips from Interior Health to limit the mosquito problem

Mercury rises in the Okanagan-Shuswap

Temperatures reach about 36 C with humidex in the Okanagan and Shuswap

Stay safe in the heat

Hot sun can cause burns and life-threatening illness

Commercial/residential development planned for foreshore

Salmon Arm project near regional district building goes to hearing

Marijuana to be legal in Canada Oct. 17: Trudeau

Prime Minister made the announcement during question period in the House of Commons

VIDEO: Vernon-area students read for rank

RCMP visited JW Inglis on Wednesday as part of the Read with Me and the RCMP program.

New Jersey forward Taylor Hall wins Hart Trophy as NHL MVP

Vancouver’s Sedin brothers share King Clancy Award for humanitarian efforts

Unfiltered: IPAs explained with Cannery Brewing brewmaster

Checking out the new IPA created by Penticton brewery Cannery Brewing Company

Man gets 2 years in prison for assault on Okanagan Correctional officer

Union rep said inmate sucker punched correctional officer, continued assault after officer fell

50 new fires sparked in B.C. after lightning strikes across province

Similar conditions seen at the beginning of 2017 wildfire season

B.C. woman graduates high school at age 92

Nanaimo’s Joan Deebank the oldest high school graduate ever in B.C., as far as ministry can confirm

B.C. Appeal Court rules lottery winner must be paid back $600,000 loan

Enone Rosas won $4.1 million in a lottery in 2007 and loaned a portion to a friend

B.C. man surprised after used needle falls from sky

A Vernon resident said a syringe fell out of the sky and landed at his feet

Liquor review finds issues with B.C. wholesale monopoly

Report calls for ‘conflict of interest’ in system to be fixed

Most Read