Canada Revenue Agency suspends online services after cyberattacks

Many of the hacked CRA accounts were targeted as part of a broader ‘credential stuffing’ attack

The Canada Revenue Agency has temporarily suspended its online services after two cyberattacks in which hackers used thousands of stolen usernames and passwords to fraudulently obtain government services and compromise Canadians’ personal information.

A total of 5,500 CRA accounts were targeted in what the federal government described as two “credential stuffing” schemes, in which hackers use passwords and usernames from other websites to access Canadians’ accounts with the revenue agency.

The decision to suspend CRA’s online services comes at a time when many Canadians and businesses have been using the revenue agency’s website to apply for and access financial support related to the COVID-19 pandemic.

The government is hoping to reinstate online access for businesses on Monday, according to a senior government official. That is when companies struggling due to the pandemic can start to apply for the latest round of federal wage subsidies.

It wasn’t immediately clear what impact the suspension of services will have in terms of other federal benefits, however, including the Canada Child Benefit and Canada Emergency Response Benefit for those affected by COVID-19.

The revenue agency was also vague in terms of what victims of the attack will have to do to get their accounts reinstated after it disabled them to prevent further fraud, saying only that letters will be mailed to those who have been affected.

At least one victim says she has yet to hear anything from the government after someone hacked into her CRA account earlier this month and successfully applied for the $2,000-per-month Canada Emergency Response Benefit for COVID-19.

Leah Baverstock, a law clerk in Kitchener, Ont., says she first realized her account had been compromised and contacted the revenue agency herself when she received several emails from CRA on Aug. 7 saying she had successfully applied for the CERB.

“The lady I spoke to at CRA, she’s said: ‘This is a one-off,’” said Baverstock, who has continued to work through the pandemic and did not apply for the support payments.

“And she told me a senior officer would be calling me within 24 hours because my account was completely locked down. And I still haven’t heard from anybody.”

READ MORE: Thousands of CRA and government accounts disabled after cyberattack

Baverstock expressed frustration at the lack of contact, adding she still does not know how the hackers accessed her account. She has since contacted her bank and other financial institutions to stop the hackers from using her information to commit more fraud.

“I am quite concerned,” she said. “Somebody could be living under my name. Who knows. It’s scary. It’s really scary.”

Many of the hacked CRA accounts were targeted as part of a broader “credential stuffing” attack in which more than 9,000 accounts that Canadians use to apply for and access federal services were compromised.

Those hacked accounts were tied to GCKey, which is used by around 30 federal departments and allows Canadians to access various services such as employment insurance, veterans’ benefits and immigration applications.

“These attacks, which used passwords and usernames collected from previous hacks of accounts worldwide, took advantage of the fact that many people reuse passwords and usernames across multiple accounts,” the Treasury Board of Canada said in a statement.

One-third of those accounts successfully accessed services before all of the affected accounts were shut down, said the Treasury Board, which is responsible for managing the federal civil service as well as the public purse.

Officials are now trying to determine not only how many of those services were fraudulent while the RCMP and federal privacy commissioner have been called in to assess the scale and scope of personal information stolen.

The government warned Canadians to use unique passwords for all online accounts and to monitor them for suspicious activity.

The Canadian Anti-Fraud Centre says more than 13,000 Canadians have been victims of fraud totalling $51 million this year. There have been 1,729 victims of COVID-19 fraud worth $5.55 million.

Lee Berthiaume, The Canadian Press


Like us on Facebook and follow us on Twitter.

Want to support local journalism during the pandemic? Make a donation here.

Canadian Revenue AgencyCyberfraudfraudhackers

Get local stories you won't find anywhere else right to your inbox.
Sign up here

Just Posted

“We have to make a call out to address this now so our people don’t have to feel fearful,” said Tribal Chief Mina Holmes. (Carrier Sekani Tribal Council Facebook photo)
Carrier Sekani Tribal Council seeks Indigenous-led task force in northern B.C. hospitals

Request made in an open letter to federal minister Carolyn Bennett

NDP headquarters on election night, Oct. 24, 2020. (Katya Slepian/Black Press Media)
ELECTION 2020: Live blog from B.C. party headquarters

BC NDP projected to win majority government – but celebrations will look different this election

Jennifer Rice BC NDP North Coast Incumbent was re-elected for a third according to the preliminary results on election night, Oct. 24, 2020. (Photo: K-J Millar/The Northern View)
Jennifer Rice is North Coast MLA for third term

Preliminary election results show NDP Majority government

B.C. Green Party leader Sonia Furstenau outlines her party's climate action platform at Nanaimo's Vancouver Island Conference Centre earlier this month. (News Bulletin file photo)
Green leader Furstenau declared victor in her home riding on Vancouver Island

Cowichan Valley voters elect freshly minted party leader for her second term

John Horgan has been re-elected the MLA for Langford-Juan de Fuca. (File-Black Press)
Horgan trounces challengers to be re-elected in his Vancouver Island riding

MLA has represented constituency of Langford-Juan de Fuca and its predecessors since 2005

FILE – Provincial Health Officer Dr. Bonnie Henry provides the latest update on the COVID-19 pandemic in the province during a press conference in the press theatre at Legislature in Victoria, B.C., on Thursday, October 22, 2020. THE CANADIAN PRESS/Chad Hipolito
B.C. shatters COVID-19 records with 817 weekend cases; masks now expected indoors

Three people have died over the past three reporting periods

RCMP have released more details regarding what led up to an arrest caught on video in Williams Lake Sunday, Oct. 26. (Facebook video screenshot)
Review launched after ‘high-risk, multi-jurisdictional’ chase, arrest in Williams Lake

RCMP launching a full review and code of conduct investigation

(Pxfuel)
B.C. limits events in private homes to household, plus ‘safe six’ amid COVID-19 surge

Henry issued a public health order limiting private gatherings to one household, plus a group of ‘safe six’ only

B.C. Liberal Leader Andrew Wilkinson speaks during a drive-in car rally campaign stop at a tour bus operator, in Delta, Saturday, Oct. 17, 2020. THE CANADIAN PRESS/Darryl Dyck
Andrew Wilkinson stepping down as B.C. Liberal leader

Will stay on until the next party leader is chosen

Harvesters participating in the extended commercial halibut season will need to land their catch in either Prince Rupert (pictured), Vancouver, or Port Hardy by Dec. 14. (File photo)
B.C.’s commercial halibut season extended three weeks

COVID-19 market disruptions at the root of DFO’s decision

Join Black Press Media and Do Some Good

Pay it Forward program supports local businesses in their community giving

VicPD and B.C. Conservation Officer Service teamed up to free two bucks who were entangled in a fishing net and dragging a wheelbarrow sized piece of driftwood behind them. (VicPD)
VIDEO: Police, B.C. Conservation help two bucks caught in one fishing net

Bucks were also dragging a wheelbarrow sized piece of driftwood behind them

A heavy police presence was spotted in Lumby, Monday, Oct. 26, 2020. (Facebook)
Police situation leads to ‘hold and secure’ at North Okanagan school

Police call for social media blackout in ongoing incident

Most Read