What to Know (and Do) About CRA Breach and Closure – National


The Canada Revenue Agency says it was forced to temporarily suspend its online services after a series of cyber attacks that compromised the usernames and passwords of thousands of accounts.

The federal government described the three separate hacks as a “credential stuffing” scheme – a type of cyber attack that uses passwords and usernames from other websites to access accounts with the CRA.

Essentially, it targets people who use the same username and password for multiple logins.


The government said the attack was detected early on and has since been brought under control, but the CRA’s online services are not expected to be restored until Wednesday.

The RCMP is currently investigating the breaches.

Here’s a look at what the officials are saying happened and what you need to know.

What happened?

The CRA was affected by a total of three cybersecurity incidents.


The first and most significant attack was against GCKey accounts, which allow Canadians to access services like Employment Insurance (EI); My Service Canada accounts; Immigration, Refugees and Citizenship Canada Accounts; and veterans programs. The attack may have given hackers access to 5,600 My CRA accounts.

The second attack came last week when hackers took advantage of a “vulnerability in security software, which allowed (hackers) to bypass and access security issues,” said Annette Butikofer, information manager at the CRA, during a press conference Monday.

The third attack occurred over the weekend, prompting the CRA to suspend online services while it assessed the breach. Any “link” between My CRA accounts and My Service Canada accounts has also been temporarily disabled, officials said.

In total, about 5,600 out of 15 million accounts may have been affected.


“The important thing to recognize in this particular case is that this is not an attack where they go through the backdoor, they apply credentials like normal users,” said Marc Brouillard, the Acting Chief Information Officer of the Federal Government.

“So it’s very difficult to detect this traffic from normal traffic.”

Brouillard said the CRA had systems in place to monitor for and investigate this kind of abnormal behaviour, which ultimately identified the attack.

“Identifying the good from the bad is one of the ongoing challenges we are working on,” he said.
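To make the detection problem concrete, here is an added example (not from the article, the CRA or any government system) of one common signal for credential stuffing: a single source trying many different usernames in a short time, with most attempts failing. The log format, the thresholds and all names and addresses are assumptions constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log: timestamp, source IP, username, result.
SAMPLE_LOG = """\
2020-08-15T10:00:01 203.0.113.50 erin FAIL
2020-08-15T10:00:03 198.51.100.7 alice FAIL
2020-08-15T10:00:04 203.0.113.50 frank FAIL
2020-08-15T10:00:09 203.0.113.50 grace FAIL
2020-08-15T10:00:12 198.51.100.7 alice OK
2020-08-15T10:00:15 203.0.113.50 dana OK
2020-08-15T10:00:21 203.0.113.50 heidi FAIL
2020-08-15T10:00:26 198.51.100.23 bob OK
2020-08-15T10:00:30 203.0.113.50 ivan FAIL
2020-08-15T10:02:10 198.51.100.23 carol OK
"""

WINDOW = timedelta(minutes=5)   # assumed look-back window
MIN_USERS = 5                   # assumed: distinct usernames per source in WINDOW
MIN_FAIL_RATIO = 0.6            # assumed: share of failed attempts in WINDOW

def parse(line):
    ts, ip, user, result = line.split()
    return datetime.fromisoformat(ts), ip, user, result == "OK"

def detect_stuffing(log_text):
    """Map each flagged source IP to the accounts it logged in to successfully."""
    events = [parse(l) for l in log_text.strip().splitlines()]
    windows, flagged = defaultdict(deque), set()
    for ts, ip, user, ok in events:
        win = windows[ip]
        win.append((ts, user, ok))
        while ts - win[0][0] > WINDOW:      # drop attempts older than WINDOW
            win.popleft()
        users = {u for _, u, _ in win}
        fail_ratio = sum(not k for _, _, k in win) / len(win)
        # One person mistyping a password fails often, but for ONE username;
        # stuffing shows many usernames from one source, mostly failing.
        if len(users) >= MIN_USERS and fail_ratio >= MIN_FAIL_RATIO:
            flagged.add(ip)
    exposed = defaultdict(set)
    for _, ip, user, ok in events:
        if ip in flagged and ok:            # valid credentials, so it looks normal
            exposed[ip].add(user)
    return {ip: sorted(exposed[ip]) for ip in flagged}

if __name__ == "__main__":
    print(detect_stuffing(SAMPLE_LOG))
```

The accounts returned are the ones that would need their owners to reconfirm their identity. A per-source threshold is only one signal and is normally combined with others, such as a successful login from a source never seen before for that account.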


How do I know if I’ve been hit?

Government officials say affected Canadians will be notified by the CRA this week if their account has been breached and what to do about it.


A number of Canadians may have already received notification from the CRA by email or phone over the weekend, officials said. An email was also sent to “all EI clients,” said Lori MacDonald, COO of Service Canada.

Letters were also sent to affected Canadians, which are expected to be received this week, officials said.

However, some Canadians have noticed the breaches themselves.

A woman in Kitchener, Ont., told The Canadian Press that she first realized her account had been compromised when she received several emails from the CRA saying she had successfully applied for the emergency benefits program – which she did not do.

What should I do if I have been hit?

Anyone affected will be contacted by the CRA by email or letter, which will explain how to reconfirm your identity and restore access to your account.

The CRA and federal officials have not provided information on what is required to re-authenticate a hacked account.

Once reactivated, the account holder will be encouraged to add email notifications as an “additional level of security” if they have not already enabled the option.


“These notifications serve as an early warning to Canadians of potential account violations,” said Butikofer.


If you notice any unusual behavior or changes to your account, the CRA encourages you to notify it.

MacDonald said if theft or fraud has been identified on an account, the CRA “will provide assistance and credit protection as needed … to ensure the account is complete.”

But since the breach came from usernames and passwords originally stolen from other sites – not the CRA – Brouillard said it was important for anyone who thinks they’ve been affected to check all of their other online accounts for any abnormal behaviour.

“If you’ve been a victim here, there’s a good chance you’ve been a victim elsewhere, too,” he says. “These credentials have been stolen at some point in the past and these hackers are reusing them.”

If I haven’t been impacted, what precautions can I take?

The government has warned Canadians to use unique passwords for all online accounts and to monitor them for suspicious activity.


The CRA has also encouraged anyone who has not turned on email notifications to do so.

Scott Jones, head of the Canadian Centre for Cyber Security, said Canadians can take five steps to “significantly offset the risk of any threat from a hacker at any site.”

He recommends practicing good password etiquette (i.e. not using the same password for multiple accounts and using two-factor authentication when available), knowing how to spot phishing attempts, securing social networks and other accounts with as much protection as possible, keeping your computers and mobile devices up to date, and storing data securely.

“We ask people not to contact us just to ask if they have been affected, as this can cause additional wait times for Canadians who urgently need to reach us,” said Butikofer.

Can I still apply for benefit programs?

The decision to briefly suspend the CRA’s online services comes as many Canadians continue to seek COVID-19-related benefit programs, such as the fifth round of the federal wage subsidy program.


Although online services are not available, Canadians can still apply for programs like the Canada Student Emergency Benefit or the Canada Emergency Response Benefit (CERB), according to a senior government official.

Canadians can apply by calling 1-800-959-8281.

Canadians can also apply for these benefits retroactively over the phone.

Once the online portal is restarted, applications will resume.

What happens next?

Officials are now trying to determine how many of the services that were successfully accessed were accessed fraudulently.

The RCMP and the Federal Privacy Commissioner have also been called upon to assess the extent and scope of the personal information stolen.

The RCMP will also investigate the source of the cyber attacks.


Part of that investigation will be to determine where the attacks are coming from, Brouillard said.

– with files from the Canadian Press

© 2020 Global News, a division of Corus Entertainment Inc.

