CRA loses taxpayer data to Heartbleed bug

Tax agency says 900 social insurance numbers compromised in online privacy breach

The Canada Revenue Agency says the social insurance numbers of 900 taxpayers were stolen last week by someone using the Heartbleed encryption vulnerability before the taxation agency shut down public access to its online services.

It happened over a six-hour period by someone exploiting the vulnerability in many supposedly secure websites that used an open-source encryption system.

The CRA said it will send registered letters to affected taxpayers and will not be emailing them because it doesn’t want fraudsters to use phishing schemes to further exploit the privacy breach.

“I want to express regret to Canadians for this service interruption,” CRA commissioner Andrew Treusch said. “I share the concern and dismay of those individuals whose privacy has been impacted by this malicious act.”

Other personal data and possibly businesses’ information may also have been lost.

“We are currently going through the painstaking process of analyzing other fragments of data, some that may relate to businesses, that were also removed,” Treusch said.

Taxpayers whose data was compromised will get bolstered CRA account protection and free access to credit protection services.

Canada’s Privacy Commissioner is also investigating.

Online services, including the E-file and Netfile online income tax portals, were patched and re-launched Sunday after what the CRA called a vigourous test to ensure they are safe and secure.

The CRA cut off access to those services April 8 as word spread that the Heartbleed bug had given hackers access to passwords, credit card numbers and other information at many websites.

People whose income tax filing was delayed by last week’s CRA interruption have been given until May 5 – beyond the usual April 30 filing deadline – to file returns without being penalized.

The Heartbleed vulnerability, which has existed for two years, compromised secure web browsing at some sites despite the display of a closed padlock that indicates an encrypted connection.

Just Posted

Young Langley family plagued by angry cab customers

A couple rents a house formerly used by a cab firm, and unwelcome visitors knocking.

Woman groped on Langley’s 208th Street

Police are asking for tips to identify the man responsible.

PHOTOS: Family Day a success at Aldergrove Telephone Museum

A record number of people visited the Telephone Museum on Monday to tour the historic exhibits.

Fort jazz fest on the search for young talent

Fort Langley Jazz & Arts Festival is looking for their first “Rising Young Star.”

VIDEO: Langley wrestler takes gold at high school games

Victory felt like a comeback for D.W. Poppy student Parm Sidhu

VIDEO: Massive elk herd runs across Washington State highway

Elk have been making an appearance in the Pacific Northwest

Winter storm freezes U.S., halts air travel

Storm dumps snow or heavy rain, snarls travel in much of U.S.

Gwyneth Paltrow: Skier sued me to exploit my fame, wealth

The incident happened in Deer Valley Resort in Park City, Utah

Highway one will be closed tomorrow for avalanche control near Golden

The closure is expected to last for two hours

B.C. Seniors Advocate questions labour shortage in care homes

Are there really no workers, or are care aide wages too low?

B.C. business groups worry about looming economic decline in wake of NDP budget

The party’s second government budget focused on plenty of spending, business advocates say

Man injured in police shooting near Nelson has died: B.C. police watchdog

The death follows an incident in Bonnington on Feb. 13

Former NHL star Fleury in Surrey for conference on child abuse

At Surrey City Hall, two-day event hosted by Sophie’s Place Child and Youth Advocacy Centre

Experts urge caution after 10 human-triggered avalanches across B.C.

One man is still stuck after avalanche on south coast

Most Read