The Treasury Board of Canada says it discovered suspicious activity on more than 48,000 Canada Revenue Agency accounts following cyber attacks in July and August.
The Treasury says the previously announced attacks targeted the accounts of the CRA and GCKey, an online portal through which Canadians access employment insurance and immigration services.
The attackers used a method called credential stuffing, which takes advantage of people who reuse usernames and passwords across multiple platforms that may have been previously hacked.
Treasure says GCKey was not compromised, but it has revoked 9,300 credentials for its system and is contacting those users in hopes of blocking subsequent attacks.
Canadians who receive a revocation message can sign up for new credentials or use SecureKey Concierge, which allows users to sign in to 269 government services through partners, such as major banks.
Treasury says Royal Canadian Mounted Police investigation of the attacks is still ongoing and relevant departments have been in contact with the Office of the Privacy Commissioner to provide updates on compromised personal information .