Watch video: Taxman anticipates services to resume this weekend. Sean O’Shea reports.
OTTAWA – A major international security concern has forced the shutdown of electronic filing services at the Canada Revenue Agency, and the agency anticipates services won’t resume until some time “over the weekend.”
The tax agency temporarily cut off public access to its electronic services Wednesday, saying the action was taken as a precaution. There are concerns the problem could affect other government systems as well.
“We have received information concerning an Internet security vulnerability named the Heartbleed Bug,” the agency said in a statement posted on its website.
READ MORE: Security flaw in key encryption technology discovered; passwords, other data vulnerable
“As a preventative measure, the CRA has temporarily shut down public access to our online services to safeguard the integrity of the information we hold.”
The shutdown came after the Canadian Cyber Incident Response Centre (CCIRC) issued a warning to system administrators about the coding flaw. It recommended that system operators unable to plug in an immediate fix get off the grid.
The affected services at CRA include EFILE, NETFILE, My Account, My Business Account and Represent a Client.
READ MORE: Banks says defences in place to keep online info safe from ‘Heartbleed’
The agency said it is working to restore safe and secure access as soon as possible.
It was unclear just how long it might take to ensure the agency’s computers are secure, but Revenue Minister Kerry-Lynne Findlay indicated it could be some time before the system was back up and running, noting that the agency would post updated information on its website “daily.”
“We’re investigating, we’re working on it,” Findlay told reporters.
WATCH: Revenue Minister Kerry-Lynne Findlay told reporters in Ottawa Wednesday that the CRA had shut down the online services “out of an abundance of caution.”
However long it takes, the revenue agency tried to reassure tax filers Wednesday, suggesting that people unable to file on time as a result of the shutdown would not be penalized.
“Please note that consideration will also be given to taxpayers who are unable to comply with their filing requirements because of this service interruption,” the agency said on its website.
It is a busy time of year for the tax agency, as people file returns electronically and track the progress of refunds online.
As of the end of March, the agency had received 6.7 million returns, with 84 per cent filed electronically.
The computer bug was reportedly detected last week by Internet security experts in Finland and researchers at Google, but only revealed widely within the online security community on Monday.
READ MORE: How to create a more secure password
Heartbleed affects open-source software called OpenSSL that’s at the very core of millions of applications used to encrypt Internet communications.
And experts warn that its impact on consumers could be significant.
It can reveal the contents of a computer server’s memory, including private data such as user names, passwords, and credit card numbers.
But the flaw also allows hackers to obtain copies of a server’s digital keys, and use them to impersonate other servers and fool people into thinking they are using a legitimate website.
WATCH: CRA chief says special consideration will be given to late tax filings stemming from website closure
As Canada’s tax collection agency was making the decision to go offline, a number of large websites, such as Google, Facebook and Yahoo said that they were either fixing the problem or had already dealt with the threat.
Canada’s major banks were also scrambling to reassess their systems, with at least two assuring clients that measures were in place to prevent any loss of information.
“TD already has put in place defences to protect customers from this potential threat, and is adding additional, layered security, so customers can conduct their banking securely and without their data being at risk,” said Barbara Timmins, a spokeswoman at TD Bank Group.
“While we don’t recommend any specific actions to TD customers as a result of this vulnerability, we always recommend that customers change their passwords regularly,” she added.
“That said, TD has intelligent and multi-layered authentication, so there are multiple safeguards in place to protect customers.”
RBC spokesman Jason Graham added that while the bank takes every threat seriously, RBC websites “have not been affected by the Heartbleed security bug.”
While the problem is international in nature, Opposition NDP Leader Tom Mulcair was quick to pounce on the Harper Conservatives for failing to adequately protect and provide services to Canadians.
“The Conservatives are such poor public managers that they can’t deliver the grain, they can’t even deliver the mail and now at tax time they can’t even communicate with Canadians through the revenue agency,” Mulcair said.
Liberal Leader Justin Trudeau, however, was prepared to cut the Tories some slack, saying he would support any measures needed to battle the bug.
With a file from Global News
Comments