The Canada Revenue Agency (CRA) headquarters Connaught Building is pictured in Ottawa on Monday, Aug. 17, 2020. THE CANADIAN PRESS/Sean Kilpatrick

CRA resumes online services with new security features after cyberattacks

All individuals affected by the cybersecurity breaches will receive a letter from the CRA

The Canada Revenue Agency has resumed all online services after fraudsters used thousands of pilfered usernames and passwords to obtain government services.

The agency disabled the services Saturday after discovering more than 5,000 accounts had been the target of three cyberattacks.

Online access to “My Business Account” resumed Monday and all others were brought back online Wednesday evening.

The agency says it regrets the impacts on Canadians and has modified all its security systems to protect against future cyberattacks.

All individuals affected by the cybersecurity breaches will receive a letter from the CRA explaining how to confirm their identity in order to protect and restore access to their account.

The agency urges everyone using its online services to update their accounts with unique passwords they don’t use for any other purpose.

It also recommends all CRA “My Account” users enable email notifications as an additional measure of security.

They can also opt to use a new security feature that will allow them to set up a unique personal identification number to open an account.

About 5,600 CRA accounts were targeted in what the CRA has described as “credential stuffing” schemes, in which hackers used passwords and usernames from other websites to access Canadians’ CRA accounts.

The first of three attacks last week took aim at the GCKey service, which is used by about 30 federal departments and allows Canadians to access services like the My Service Canada account.

By using the previously stolen usernames and passwords, the perpetrators were able to fraudulently acquire about 9,000 of the some 12 million GCKey accounts.

Separately, CRA’s system was hit by credential stuffing attacks. The perpetrators were able to use previously hacked credentials to access the CRA portal. They were also able to exploit a vulnerability that allowed them to bypass the CRA security questions and get into thousands more accounts.

In addition, the CRA portal was directly targeted with a large amount of traffic trying to attack the services through credential stuffing.

The Canadian Press

Canadacybersecurity

Get local stories you won't find anywhere else right to your inbox.
Sign up here

Just Posted

Greens, Liberals, NDP field Fraser-Nicola candidates ahead of October election

Incumbent Jackie Tegart has two opposing candidates after snap election called Monday

Work has started on 20 units of seniors’ housing in Clinton

Much-delayed project has been in the works for almost a decade

Cache Creek firefighters plan bigger, better Halloween fireworks

‘With so much uncertainty in the world it’s nice to know that one community event is staying intact’

Volunteers welcome at this year’s Black Powder Desert Rendezvous

Plus farmers’ markets, an art show, a bottle drive, a Fire Prevention Week contest, and more

Ashcroft looks into hiring bylaw officer with Cache Creek, Clinton

Funding available to help communities hire bylaw during COVID-19 state of emergency

BC Liberal Leader talks drug addiction in the Lower Mainland

Drug addiction and public safety a top priority says Andrew Wilkinson

Pandemic derails CP Holiday Train

Canadian Pacific will work to get donations to food banks while also producing an online music concert

Interior Health reports five new COVID-19 cases

Across the region, 34 cases are active

Join Black Press Media and Do Some Good

Pay it Forward program supports local businesses in their community giving

Vanderhoof’s Brian Frenkel takes on top job in tough times

We can get through this, new local government leader says

Local councils important, Horgan says as municipal conference ends

B.C. NDP leader says ‘speed dating’ vital, online or in person

Penticton woman sentenced to one year in prison for manslaughter of teen boyfriend

Kiera Bourque, 24, was sentenced for manslaughter in the 2017 death of Penticton’s Devon Blackmore

B.C. Green leader says NDP abandoning environmental plan

Horgan’s claim of unstable government false, Furstenau says

Most Read