CRA loses taxpayer data to Heartbleed bug

Tax agency says 900 social insurance numbers compromised in online privacy breach

The Canada Revenue Agency says the social insurance numbers of 900 taxpayers were stolen last week by someone using the Heartbleed encryption vulnerability before the taxation agency shut down public access to its online services.

It happened over a six-hour period by someone exploiting the vulnerability in many supposedly secure websites that used an open-source encryption system.

The CRA said it will send registered letters to affected taxpayers and will not be emailing them because it doesn’t want fraudsters to use phishing schemes to further exploit the privacy breach.

“I want to express regret to Canadians for this service interruption,” CRA commissioner Andrew Treusch said. “I share the concern and dismay of those individuals whose privacy has been impacted by this malicious act.”

Other personal data and possibly businesses’ information may also have been lost.

“We are currently going through the painstaking process of analyzing other fragments of data, some that may relate to businesses, that were also removed,” Treusch said.

Taxpayers whose data was compromised will get bolstered CRA account protection and free access to credit protection services.

Canada’s Privacy Commissioner is also investigating.

Online services, including the E-file and Netfile online income tax portals, were patched and re-launched Sunday after what the CRA called a vigourous test to ensure they are safe and secure.

The CRA cut off access to those services April 8 as word spread that the Heartbleed bug had given hackers access to passwords, credit card numbers and other information at many websites.

People whose income tax filing was delayed by last week’s CRA interruption have been given until May 5 – beyond the usual April 30 filing deadline – to file returns without being penalized.

The Heartbleed vulnerability, which has existed for two years, compromised secure web browsing at some sites despite the display of a closed padlock that indicates an encrypted connection.

Just Posted

Family of B.C. pilot killed in Honduras trying to ‘piece together’ tragedy

Patrick Forseth has a number of friends in the area and was loved by everyone

Fifth cannabis store proposed for downtown

City of Salmon Arm policy limits number cannabis retailers in core to four

Okanagan-Shuswap weather: cloudy

Environment Canada is calling for a similar day tomorrow.

Video: Sicamous Museum gifted with model of historic CP Rail hotel

Calgary family with ties to the area commissioned intricate model for museum

Top women’s hockey player Natalie Spooner coming to the Okanagan

Natalie Spooner special guest at annual Grindstone Award Foundation charity weekend in Kelowna

Rescuers finally persuade Eiffel Tower climber to come down

The official said the man was ‘under control and out of danger’ on Monday night

Justin Trudeau credits immigration for Canada’s growing tech sector

Trudeau stressed that Canada has become a major source of talent for tech all over the world

Feds launch tourism strategy designed to boost sector 25 per cent by 2025

The fund is supposed to back experiences that show off Canada’s strengths

Sister of cancer victim cycles across Canada to raise awareness

Her journey started on May 14 and will end in early August

Column: A solar pioneer in the Okanagan rides among us

This Summerland octogenarian has been producing his own electrical energy for more than 20 years

Should B.C. already be implementing province-wide fire bans?

A petition is calling for B.C. Wildfire Service to issue a ban to reduce risk of human caused wildfires

Growing wildfire prompts evacuation of High Level, Alta.

Chuckegg Creek fire has been burning for several days, but grew substantially Sunday

Our history in pictures: Early four-way stop in Salmon Arm

This photo was taken at the four-way stop where Wharf Road intersects… Continue reading

Column: Parallel parking surveys and precedent

In Plain View by Lachlan Labere

Most Read