The Canada Revenue Agency (CRA) headquarters Connaught Building is pictured in Ottawa on Monday, Aug. 17, 2020. THE CANADIAN PRESS/Sean Kilpatrick

CRA resumes online services with new security features after cyberattacks

All individuals affected by the cybersecurity breaches will receive a letter from the CRA

The Canada Revenue Agency has resumed all online services after fraudsters used thousands of pilfered usernames and passwords to obtain government services.

The agency disabled the services Saturday after discovering more than 5,000 accounts had been the target of three cyberattacks.

Online access to “My Business Account” resumed Monday and all others were brought back online Wednesday evening.

The agency says it regrets the impacts on Canadians and has modified all its security systems to protect against future cyberattacks.

All individuals affected by the cybersecurity breaches will receive a letter from the CRA explaining how to confirm their identity in order to protect and restore access to their account.

The agency urges everyone using its online services to update their accounts with unique passwords they don’t use for any other purpose.

It also recommends all CRA “My Account” users enable email notifications as an additional measure of security.

They can also opt to use a new security feature that will allow them to set up a unique personal identification number to open an account.

About 5,600 CRA accounts were targeted in what the CRA has described as “credential stuffing” schemes, in which hackers used passwords and usernames from other websites to access Canadians’ CRA accounts.

The first of three attacks last week took aim at the GCKey service, which is used by about 30 federal departments and allows Canadians to access services like the My Service Canada account.

By using the previously stolen usernames and passwords, the perpetrators were able to fraudulently acquire about 9,000 of the some 12 million GCKey accounts.

Separately, CRA’s system was hit by credential stuffing attacks. The perpetrators were able to use previously hacked credentials to access the CRA portal. They were also able to exploit a vulnerability that allowed them to bypass the CRA security questions and get into thousands more accounts.

In addition, the CRA portal was directly targeted with a large amount of traffic trying to attack the services through credential stuffing.

The Canadian Press

Canadacybersecurity

Get local stories you won't find anywhere else right to your inbox.
Sign up here

Just Posted

UPDATED: Red Deer has nine active COVID-19 cases

Number of cases increased by 107 Friday

Water Works Studios in Wetaskiwin officially open

Water Works Studios had their grand opening Sept.15, 2020.

Man sentenced to 7 years for gas-and-dash death of Alberta gas station owner

Ki Yun Jo was killed after Mitchell Sydlowski sped off in a stolen cube van without paying for $198 of fuel

Multiple voices heard at Ponoka for Peace rally

Peace rally held to ‘highlight the best of Ponoka’

Notley to stay on as Alberta NDP leader for 2023 provincial election

The NDP took almost all of Edmonton but few seats outside of the city

First annual Best of Wetaskiwin Readers’ Choice Awards

Enter to win a $200 gift card for Canadian Tire.

Young Canadians have curtailed vaping during pandemic, survey finds

The survey funded by Heart & Stroke also found the decrease in vaping frequency is most notable in British Columbia and Ontario

“My world exploded,” says Bentley-area farmer who’s swather was struck by a motorist

Dennis Duncan was a mile from home when his swather was struck by another travelling at high speeds

UPDATE: Last kidnapping suspect arrested

Amber Knickle has been arrested and remains in police custody

B.C., Alberta sending nearly 300 fire personnel by Friday to help battle wildfires in Oregon

Some 230 firefighters, most from British Columbia but including a number from Alberta, will be deployed Friday

Death of mother grizzly a ‘big loss’ for bear population in Banff park: experts

The bear, known as No. 143, spent most of her time in the backcountry of Banff

Most Read