900 taxpayers had Social Insurance Numbers stolen: CRA
Sandie Benitah, CP24.com
Published Monday, April 14, 2014 9:11AM EDT
Last Updated Monday, April 14, 2014 4:07PM EDT
The Social Insurance Numbers (SIN) of about 900 taxpayers were stolen by someone exposing vulnerabilities caused by the Heartbleed computer bug.
The Canada Revenue Agency confirmed the news Monday morning in a press release, saying the RCMP is now investigating the breach.
“Regrettably, the CRA has been notified by the Government of Canada's lead security agencies of a malicious breach of taxpayer data that occurred over a six-hour period,” the release says. “Based on our analysis to date, Social Insurance Numbers (SIN) of approximately 900 taxpayers were removed from CRA systems by someone exploiting the Heartbleed vulnerability. We are currently going through the painstaking process of analyzing other fragments of data, some that may relate to businesses, that were also removed.”
The CRA temporarily shut down its website last week after they became aware of the potential security threat. Canadians who file their taxes online were finally allowed to enter their information into the system over the weekend after administrators put in a security patch.
Officials say the problem has been contained and that no further leaks have been reported since administrators discovered the issue.
Those who have had their SIN stolen will receive a registered letter from the CRA. The public is being told not to expect a phone call or an email. The CRA says it will only be communicating by registered mail in order to avoid having fraudsters try and impersonate authorities in an attempt to retrieve information.
“We want to ensure that our communications are secure and cannot be exploited by fraudsters through phishing schemes,” the release says.
All those affected will be given free access to credit protection services and will have added protection on all accounts with the CRA to ensure all activity is authorized.
“I share the concern and dismay of those individuals whose privacy has been impacted by this malicious act,” the Privacy Commissioner of Canada, Andrew Treusch, said in the press release . “CRA online services are safe and secure. The CRA responded aggressively to successfully protect our systems. We have augmented our monitoring and surveillance measures, so that the security of the CRA site continues to meet the highest standards.”