The Canada Revenue Agency (CRA) headquarters Connaught Building is pictured in Ottawa on Monday, Aug. 17, 2020. THE CANADIAN PRESS/Sean Kilpatrick

CRA resumes online services with new security features after cyberattacks

All individuals affected by the cybersecurity breaches will receive a letter from the CRA

The Canada Revenue Agency has resumed all online services after fraudsters used thousands of pilfered usernames and passwords to obtain government services.

The agency disabled the services Saturday after discovering more than 5,000 accounts had been the target of three cyberattacks.

Online access to “My Business Account” resumed Monday and all others were brought back online Wednesday evening.

The agency says it regrets the impacts on Canadians and has modified all its security systems to protect against future cyberattacks.

All individuals affected by the cybersecurity breaches will receive a letter from the CRA explaining how to confirm their identity in order to protect and restore access to their account.

The agency urges everyone using its online services to update their accounts with unique passwords they don’t use for any other purpose.

It also recommends all CRA “My Account” users enable email notifications as an additional measure of security.

They can also opt to use a new security feature that will allow them to set up a unique personal identification number to open an account.

About 5,600 CRA accounts were targeted in what the CRA has described as “credential stuffing” schemes, in which hackers used passwords and usernames from other websites to access Canadians’ CRA accounts.

The first of three attacks last week took aim at the GCKey service, which is used by about 30 federal departments and allows Canadians to access services like the My Service Canada account.

By using the previously stolen usernames and passwords, the perpetrators were able to fraudulently acquire about 9,000 of the some 12 million GCKey accounts.

Separately, CRA’s system was hit by credential stuffing attacks. The perpetrators were able to use previously hacked credentials to access the CRA portal. They were also able to exploit a vulnerability that allowed them to bypass the CRA security questions and get into thousands more accounts.

In addition, the CRA portal was directly targeted with a large amount of traffic trying to attack the services through credential stuffing.

The Canadian Press

Canadacybersecurity

Get local stories you won't find anywhere else right to your inbox.
Sign up here

Just Posted

Unofficial holidays: Here’s what people are celebrating for the week of Sept. 20 to 26

Rabbit Day, Hobbit Day and One-Hit Wonder Day are all coming up this week

Interior Health reports three additional COVID-19 cases in region

The number of cases in the region since the beginning of the pandemic are now at 492

Vehicle found “burnt to a crisp” off of Hwy 5

Update from Clearwater RCMP detachment

One day, your way

Information about this year’s Terry Fox (virtual) Run

B.C. or Ontario? Residential school survivors fight move of court battle

It’s now up to Ontario’s Court of Appeal to sort out the venue question

B.C. transportation minister will not seek re-election

Claire Trevena has held the position since 2017

Young B.C. cancer survivor rides 105-km with Terry Fox’s brother

Jacob Bredenhof and Darrell Fox’s cycling trek raises almost $90,000 for cancer research

B.C. migrant, undocumented workers rally for permanent residency program

Rally is part of the Amnesty for Undocumented Workers Campaign led by the Migrant Workers Centre

Preparations underway for pandemic election in Saskatchewan and maybe B.C.

Administrators in B.C. and around the country are also looking to expand voting by mail during the pandemic

Nearly 20 per cent of COVID-19 infections among health-care workers by late July

WHO acknowledged the possibility that COVID-19 might be spread in the air under certain conditions

Supreme Court Justice Ruth Bader Ginsburg dies at 87

The court’s second female justice, died Friday at her home in Washington

Emaciated grizzly found dead on central B.C. coast as low salmon count sparks concern

Grizzly was found on Gwa’sala-‘Nakwaxda’xw territory in Smith Inlet, 60K north of Port Hardy

VIDEO: B.C. to launch mouth-rinse COVID-19 test for kids

Test involves swishing and gargling saline in mouth and no deep-nasal swab

Most Read