The federal government assures account holders that the security loopholes that paved the way for the attacks have been resolved
The Canada Revenue Agency has resumed all of its online services after rolling out new security features.
This was in response to massive cyber attacks that saw the theft of thousands of passwords and account information, and the use of these to fraudulently obtain government services such as the Canada Emergency Response Benefit.
After being disabled over the previous weekend, “My Business Account” became accessible again on Aug. 17, and full access to CRA’s online resources resumed on the evening of Aug. 19.
The CRA announced that all users who suffered account breaches will be receiving emails with instructions on how to reconfirm their identities, thus restoring their access to the agency’s online services.
The federal government temporarily halted access to CRA and GCKey after 11,200 accounts were targeted by massed breaching attempts.
“The bad actors were able to use the previously hacked credentials to access the CRA portal. They were also able to exploit a vulnerability in the configuration of security software … which allowed them to bypass the CRA security questions and gain access to a user’s CRA account,” said Treasury Board of Canada Secretariat Marc Brouillard. “Because of the systems that we have in place, we were able to detect these attacks early on and have been largely been able to mitigate the impact to Canadians.”
