Loading articles...

CRA expects online services back Wednesday following cyberbreaches

Last Updated Aug 17, 2020 at 10:47 am PDT

Marc Brouillard, CTO for the Government of Canada, joins fellow senior officials from the Treasury Board of Canada Secretariat, the Canada Revenue Agency, and the Canadian Centre for Cyber Security to provide an update regarding the recent cyber attacks against GCKey and CRA accounts during a technical briefing on Parliament Hill in Ottawa on Monday, Aug. 17, 2020. THE CANADIAN PRESS/Sean Kilpatrick
Summary

The CRA expects online services to be fully restored by Wednesday after cyber-breaches

Ottawa describes the breaches as 'credential stuffing' schemes

The federal government confirmed the attack was worse than it thought, 11,200 Canadians' accounts were compromised

OTTAWA — The Canada Revenue Agency expects online services to be fully restored by Wednesday after hackers used thousands of stolen usernames and passwords to fraudulently obtain government services.

About 5,600 CRA accounts were targeted in what the federal government describes as “credential stuffing” schemes, in which hackers used passwords and usernames from other websites to access Canadians’ revenue agency accounts.

RELATED: Canada Revenue Agency suspends online services after cyberattacks

The CRA is one of several government departments hit by the credential-attack, which was detected last Tuesday and only relayed to the public over the weekend.

The federal government confirmed the attack was worse than it thought, with three separate attacks compromising the accounts of 11,200 Canadians.

Marc Brouillard, the federal government’s acting chief information officer, says those who were impacted should take action.

“If you’ve been a victim here, there’s a good chance you are a victim elsewhere, as well. Check your bank accounts, check your social media.”

However, he says relatively few accounts were affected by the breach, considering the overall number of Canadians who use the tax service.

“Not to minimize it, but 9,000 or 11,000 out of 12-million, this was still a pretty sophisticated capacity to identify those accounts. We have thousands of transactions every day on this system, so it is a high-volume system.”

Officials say the RCMP is investigating the breaches.

The suspension of CRA’s online services comes as many Canadians are using the revenue agency’s website to access financial support related to the COVID-19 pandemic.

A senior agency official told a news briefing today that Canadians can still apply for benefit programs by calling 1-800-959-8281.

The government is advising Canadians to use unique passwords for all online accounts and to check for suspicious activity.

The Canadian Anti-Fraud Centre says more than 13,000 Canadians have been victims of fraud totaling $51 million this year. There have been 1,729 victims of COVID-19 fraud worth $5.55 million.