The Canada Revenue Agency (CRA) headquarters Connaught Building is pictured in Ottawa on Monday, Aug. 17, 2020. THE CANADIAN PRESS/Sean Kilpatrick

The Canada Revenue Agency (CRA) headquarters Connaught Building is pictured in Ottawa on Monday, Aug. 17, 2020. THE CANADIAN PRESS/Sean Kilpatrick

CRA resumes online services with new security features after cyberattacks

All individuals affected by the cybersecurity breaches will receive a letter from the CRA

The Canada Revenue Agency has resumed all online services after fraudsters used thousands of pilfered usernames and passwords to obtain government services.

The agency disabled the services Saturday after discovering more than 5,000 accounts had been the target of three cyberattacks.

Online access to “My Business Account” resumed Monday and all others were brought back online Wednesday evening.

The agency says it regrets the impacts on Canadians and has modified all its security systems to protect against future cyberattacks.

All individuals affected by the cybersecurity breaches will receive a letter from the CRA explaining how to confirm their identity in order to protect and restore access to their account.

The agency urges everyone using its online services to update their accounts with unique passwords they don’t use for any other purpose.

It also recommends all CRA “My Account” users enable email notifications as an additional measure of security.

They can also opt to use a new security feature that will allow them to set up a unique personal identification number to open an account.

About 5,600 CRA accounts were targeted in what the CRA has described as “credential stuffing” schemes, in which hackers used passwords and usernames from other websites to access Canadians’ CRA accounts.

The first of three attacks last week took aim at the GCKey service, which is used by about 30 federal departments and allows Canadians to access services like the My Service Canada account.

By using the previously stolen usernames and passwords, the perpetrators were able to fraudulently acquire about 9,000 of the some 12 million GCKey accounts.

Separately, CRA’s system was hit by credential stuffing attacks. The perpetrators were able to use previously hacked credentials to access the CRA portal. They were also able to exploit a vulnerability that allowed them to bypass the CRA security questions and get into thousands more accounts.

In addition, the CRA portal was directly targeted with a large amount of traffic trying to attack the services through credential stuffing.

The Canadian Press

Canadacybersecurity

Get local stories you won't find anywhere else right to your inbox.
Sign up here

Just Posted

Penticton law courts
Osoyoos child sex offender in court

Shawn Titus, 37, is charged with possession of child porn

One of the greatest Christmas traditions in Oliver is the Oliver Fire Department Christmas Carol Truck that goes around neighbourhoods, sharing Christmas cheer. (OFD photo)
Oliver fire hall siren to signal for holiday lights tonight at 6:30 p.m.

Oliver would normally be celebrating Light Up, but the fire hall is starting a new tradition

Grand Forks’ Roly Russell met with The Gazette after he was named Parliamentary Secretary for Rural Development Thursday, Nov. 26. Photo: Laurie Tritschler
NDP’s Roly Russell named secretary for rural development

Russell formerly represented rural Grand Forks on the Regional District of Kootenay Boundary’s elected board

Phil McLachlan file photo
Serious crash closes highway in Oliver

Highway 97 was closed in both directions overnight

B.C. Health Minister Adrian Dix and provincial health officer Dr. Bonnie Henry update the COVID-19 situation at the B.C. legislature, Nov. 23, 2020. (B.C. government)
B.C. sets another COVID-19 record with 887 new cases

Another 13 deaths, ties the highest three days ago

Screenshot of Pastor James Butler giving a sermon at Free Grace Baptist Church in Chilliwack on Nov. 22, 2020. The church has decided to continue in-person services despite a public health order banning worship services that was issued on Nov. 19, 2020. (YouTube)
Two Fraser Valley churches continue in-person services despite public health orders

Pastors say faith groups are unfairly targeted and that charter rights protect their decisions

Leighton Allen Labute faces charges of animal abuse and allegedly has a string of social media accounts depicting disturbing content.
Accused Kelowna hamster killer has trial date set for 2021

Leighton Labute’s three day trial is scheduled for Aug. 16, 2021

Join Black Press Media and Do Some Good
Join Black Press Media and Do Some Good

Pay it Forward program supports local businesses in their community giving

(File)
Christmas break extended for UBCO students

Move made to support mental health of students, accommodate ‘overload’ of work

A big job: Former forests minister Doug Donaldson stands before a 500-year-old Douglas fir in Saanich to announce preservation of some of B.C.’s oldest trees, July 2019. (B.C. government)
B.C. returning to ‘stand-alone’ forests, rural development ministry

Horgan says Gordon Campbell’s super-ministry doesn’t work

Gas prices take a hike in Vernon on Black Friday, Nov. 27, 2020. (Jennifer Smith - Morning Star)
Gas going up in North Okanagan

Prices jumping more than 10 cents at some stations

Kelowna firefighters on scene of an apartment fire on Friday, Nov. 27, 2020. (Phil McLachlan/Kelowna Capital News)
Firefighters tend to apartment blaze along Gordon Drive

Two dogs were found safe inside the unit

RCMP are investigating after a witness reported seeing two individuals breaking into and removing items from a mailbox in Armstrong Thursday, Nov. 26, 2020. THE CANADIAN PRESS/Jeff McIntosh
Thieves break into, steal items from North Okanagan mailbox

Police investigating after items were taken from a community mailbox on Van Kleeck Avenue Thursday

Most Read