The Canada Revenue Agency (CRA) headquarters Connaught Building is pictured in Ottawa on Monday, Aug. 17, 2020. THE CANADIAN PRESS/Sean Kilpatrick

CRA resumes online services with new security features after cyberattacks

All individuals affected by the cybersecurity breaches will receive a letter from the CRA

The Canada Revenue Agency has resumed all online services after fraudsters used thousands of pilfered usernames and passwords to obtain government services.

The agency disabled the services Saturday after discovering more than 5,000 accounts had been the target of three cyberattacks.

Online access to “My Business Account” resumed Monday and all others were brought back online Wednesday evening.

The agency says it regrets the impacts on Canadians and has modified all its security systems to protect against future cyberattacks.

All individuals affected by the cybersecurity breaches will receive a letter from the CRA explaining how to confirm their identity in order to protect and restore access to their account.

The agency urges everyone using its online services to update their accounts with unique passwords they don’t use for any other purpose.

It also recommends all CRA “My Account” users enable email notifications as an additional measure of security.

They can also opt to use a new security feature that will allow them to set up a unique personal identification number to open an account.

About 5,600 CRA accounts were targeted in what the CRA has described as “credential stuffing” schemes, in which hackers used passwords and usernames from other websites to access Canadians’ CRA accounts.

The first of three attacks last week took aim at the GCKey service, which is used by about 30 federal departments and allows Canadians to access services like the My Service Canada account.

By using the previously stolen usernames and passwords, the perpetrators were able to fraudulently acquire about 9,000 of the some 12 million GCKey accounts.

Separately, CRA’s system was hit by credential stuffing attacks. The perpetrators were able to use previously hacked credentials to access the CRA portal. They were also able to exploit a vulnerability that allowed them to bypass the CRA security questions and get into thousands more accounts.

In addition, the CRA portal was directly targeted with a large amount of traffic trying to attack the services through credential stuffing.

The Canadian Press

Canadacybersecurity

Get local stories you won't find anywhere else right to your inbox.
Sign up here

Just Posted

COVID-19 cases in Alberta up by 153 Wednesday

Central zone sits at 19 active cases

160 new COVID-19 cases reported in Alberta on Tuesday

Province now has 1,571 active cases

Return to class has gone better than expectation, WCPS says

Staff with Wolf Creek Public Schools say the return to in-class teaching has gone very well

PHOTOS: Eighth annual Wood Show in Lacombe

Central Alberta Wood Workers and Woodturners Guild hosted its annual show recently

No safe mask option for bearded members, RCMP says, but force is exploring solutions

RCMP says respirator not mandatory in all front-line situations, but sometimes needed to reduce risk

Health Canada green-lights rapid COVID-19 test

Health Canada approved the BCube test from Hyris Ltd. in the United Kingdom Sept. 23

Albertans the speediest behind wheel, according to national dangerous driving survey

Finder.com looks into dangerous and reckless driving habits across the country

Metis pilot Teara Fraser profiled in new DC Comics graphic novel of women heroes

The Canadian pilot’s entry is titled: ‘Teara Fraser: Helping Others Soar’

Leduc Man still missing, RCMP concerned for his well being

31-year-old Ryan Mcleod has been missing since Sept. 10, 2020.

Sylvan Lake family says they are ‘blessed’ to have found their home in Central Alberta

Onsy and Rosemary Tawadrous immigrated to Canada in 2011 and made their home in Sylvan Lake

Tractor fire east of Ponoka doused

Flames extinguished with foam additive

Wetaskiwin restaurant asks City for help with excessive property damage caused by continuous loiterers

Employees say that they are scared for themselves and their customers.

Most Read