Canada Revenue Agency hit by cyberattacks; thousands of accounts affected

canada revenue agency

by Touria Izri, CTV News

The Canada Revenue Agency revealed it was hit by two cyberattacks in a data breach that compromised the personal information of thousands of Canadians.

The CRA told CTV Saturday, at least 5,500 accounts were affected by the hack, which is now “contained.” The CRA’s ‘My Account,’ ‘My Business Account’ and ‘Represent a Client’ were targeted in the cyberattacks.

The breaches involved fraudulent CERB payments. Email addresses and direct deposit information were also exposed.

“The CRA quickly identified the impacted accounts and disabled access to these accounts to ensure the safety and security of the taxpayer’s information,” said CRA spokesperson Christopher Doody in an email Saturday.

“In this incident, the usernames and passwords that were used were acquired by fraudsters in previous third-party data breaches,” said Doody. “To help lower the risk of being affected by these kinds of cyberattacks, people are strongly encouraged to avoid reusing passwords for different systems and applications.”

The CRA has contacted RCMP and an investigation is now underway.

Doody said the agency is sending letters to people whose accounts have been compromised.

“The CRA is prioritizing calls from the victims of fraud and identity theft, and is answering calls as quickly as possible,” said the email.

The agency is recommending ‘My Account’ users enable email notifications, which the CRA said can act “as an early warning to Canadians of potential fraudulent activity on their account.”


Breaking News alerts, info on contests, and special offers from partners