More than 5,000 CRA accounts targeted in recent cyberattacks
The federal government says it's responding to recent cyberattacks that targeted a large number of Canada Revenue Agency (CRA) accounts and GCKey accounts.
The attacks, deemed "credential stuffing", used passwords and usernames collected from previous hacks of accounts worldwide to take advantage of the fact that many people reuse passwords and usernames across multiple accounts.
"Approximately 5,500 CRA accounts were targeted as part of the GCKey attack and another recent “credential stuffing” attack aimed at the CRA," the federal government said in a statement on Saturday.
"Access to all affected accounts has been disabled to maintain the safety and security of taxpayers’ information and the Agency is contacting all affected individuals and will work with them to restore access to their CRA MyAccount."
Additionally, of the roughly 12 million active GCKey accounts in Canada, the passwords and usernames of 9,041 users were acquired fraudulently and used to try and access government services, a third of which successfully accessed such services and are being further examined for suspicious activity.
"Affected GCKey accounts were cancelled as soon as the threat was discovered and departments are contacting users whose credentials were revoked to provide instructions on how to receive a new GCKey," said the government.
The government and RCMP are continuing their investigation and working to determine if there have been any privacy breaches and if information was obtained from these accounts.
The Office of the Privacy Commissioner has also been contacted and alerted to possible breaches.
To reduce the risk of cyberattacks, residents are advised to always use a unique password for all online accounts and regularly monitor all online accounts for suspicious activity.
"The safety and security of Canadians, and their information, is the Government of Canada’s top priority. We continue to actively investigate these attacks and are taking swift action to implement additional security features as the investigation continues."
Photo courtesy of The Canadian Press
- Employee at Brampton FreshCo. tests positive for COVID-19
- Brampton woman identified as Hamilton murder victim
- Police searching for missing 15-year-old girl from Brampton
- Peel District schools in Brampton with reported cases of COVID-19 – September 24
- Dufferin-Peel Catholic District schools in Brampton with reported COVID-19 cases – September 24
- Suspicious activity found on 48,000 CRA accounts after cyberattacks: treasury board
- CRA resumes online services with new security features after cyberattacks
- 50 Million Accounts Affected By Huge Facebook Security Breach
- Hacked Zoom accounts being sold for less than a penny on dark web: report
- Canada Post urging Brampton customers to reset their passwords