Heartbleed Causes Breach in Canada

Revenue Agency Says Social Insurance Numbers Compromised
Heartbleed Causes Breach in Canada

The Canada Revenue Agency reports that 900 taxpayers had their Social Insurance numbers compromised in a breach stemming from a cyber-attacker exploiting the Heartbleed vulnerability in CRA systems.

See Also: Live Webinar | How To Meet Your Zero Trust Goals Through Advanced Endpoint Strategies

"Regrettably, the CRA has been notified by the Government of Canada's lead security agencies of a malicious breach of taxpayer data that occurred over a six-hour period," Commissioner Andrew Treusch says in a statement issued April 14.

"We are currently going through the painstaking process of analyzing other fragments of data, some that may relate to businesses, that were also removed," Treusch says. "Thanks to the dedicated support of Shared Services Canada and our security partners, the agency was able to contain the infiltration. Further, analysis to date indicates no other CRA infiltrations have occurred either before or after this breach."

The CRA will notify impacted individuals about the breach and offer them free credit protection services. The agency did not immediately respond to a request for additional information.

Canada Halted Online Tax Returns

The CRA on April 9 shut down public access to its online services, halting online tax returns until the situation had been remedied. On April 13, the CRA restored online services and customers are now able to file their tax returns.

"After learning ... about the Internet security vulnerability named the Heartbleed Bug that is affecting systems around the world, the CRA acted quickly, as a preventive measure, to temporarily shut down public access to our online services to safeguard the integrity of the information we hold," the CRA says in a statement posted to its website.

Minister of National Revenue Kerry-Lynne D. Findlay had said individual taxpayers will not be penalized for the service interruption. "Interest and penalties won't be applied to individuals filing 2013 tax returns after April 30 [filing deadline] for [a] period equal to length of service disruption," she says in a Twitter post.

Heartbleed exposes a flaw in OpenSSL, a cryptographic tool that provides communication security and privacy over the Internet for applications such as Web, e-mail, instant messaging and some virtual private networks (see: Heartbleed Bug: What You Need to Know).

About the Author

Jeffrey Roman

Jeffrey Roman

News Writer, ISMG

Roman is the former News Writer for Information Security Media Group. Having worked for multiple publications at The College of New Jersey, including the College's newspaper "The Signal" and alumni magazine, Roman has experience in journalism, copy editing and communications.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing databreachtoday.com, you agree to our use of cookies.