1 month after the cyberattack, some CRA online services remain unavailable


More than a month after the Canada Revenue Agency took its website offline following a major cyberattack, the federal tax collection agency will not say when it expects its online services are completely back to normal.A number of services from the CRA’s online portal for Canadian individuals remain unavailable, including the ability to manage direct deposit information, change address, or authorize a representative.

Links to Service Canada accounts have also been disabled.

The CRA “is working diligently to restore access to all services as quickly as possible,” spokesperson Sylvie Branch wrote in an email.

But the CRA won’t say when it expects this to be the case, only that a “forensic analysis related to recent cyber incidents continues.”

The CRA discovered suspicious activity on approximately 48,000 accounts after the two ‘credential stuffing’ attacks in June and August, which took advantage of the fact that many people use the same credentials for multiple services, the Treasury Board of Canada said earlier. this month.

‘Complex systems’

Jose Manuel Fernandez, a professor at the Polytechnic University of Montreal who teaches computer security, said it takes time to investigate cyber attacks and fix vulnerabilities.

“These systems are very complex,” he said. “The industry as a whole has a terrible track record of creating reliable, bug-free software that can be exploited. ”

He said it was common for organizations to limit access to certain services while they were investigating, comparing it to the police yellow tape around a crime scene.

An organization like the CRA may also limit the ability of users to make certain changes to reduce the risk of stolen information being used for fraudulent purposes.

The CRA has said the COVID-19 pandemic is not slowing its response.

“The fact that many CRA employees work from home does not affect the ability of the CRA to provide full functionality online,” said the Directorate.


Please enter your comment!
Please enter your name here