900 SINs stolen due to Heartbleed bug: Canada Revenue Agency

WATCH ABOVE:  Hundreds of Canadians could soon learn if their Social Insurance Numbers were stolen in a Canada Revenue Agency breach linked to the Heartbleed bug. Mike Le Couteur has the details.

TORONTO  – Roughly 900 Canadians have had their social insurance numbers stolen from the Canada Revenue Agency’s systems after the federal agency’s online services were hit by the so-called Heartbleed bug.

“CRA has been notified by the Government of Canada’s lead security agencies of a malicious breach of taxpayer data that occurred over a six-hour period,”  Canada Revenue Agency (CRA) said in a statement. “Social insurance numbers (SIN) of approximately 900 taxpayers were removed from CRA systems by someone exploiting the Heartbleed vulnerability.”

LIVE BLOG: Experts answer Heartbleed bug questions Tuesday at 12 p.m. ET

The agency says that each person affected will receive a registered letter to inform them of the breach and free access to credit protection services. A dedicated 1-800 number has also been set up to provide further information, including what steps to take to protect the integrity of your SIN. The agency says it will not be calling or emailing individuals to inform them that they have been impacted as they want to ensure that  “communications are secure and cannot be exploited by fraudsters through phishing schemes.”

Story continues below advertisement

The CRA moved to block public access to its services to address the risk but says there was still a six-hour data breach.

On Saturday, the federal tax agency said its online tax-filing systems are back up and running and that its online filing systems are safe again.

The deadline for filing 2013 tax returns is being extended from April 30th to May 5th.

What is the Heartbleed bug?

The Heartbleed bug is caused by a flaw in OpenSSL software, which is commonly used on the Internet to provide security and privacy. It affects the encryption technology designed to protect online accounts for email, instant messaging and e-commerce.

READ MORE: What is the Heartbleed bug and why is it a big deal?

It was discovered by a team of researchers from the Finnish security firm Codenomicon, along with a Google Inc. researcher who was working separately.

In order to protect yourself, users are asked to  change their online passwords once the sites they are using have adopted a fix. It’s also up to the Internet services affected by the bug to let users know of the potential risks and encourage them to change their passwords. Not sure which sites are affected and what passwords you need to change? If so, click here.

Story continues below advertisement

WATCH: Global’s Nicole Bogart explains what steps the CRA is taking to try and inform those who’s SIN numbers were stolen

–  With files from The Canadian Press

Sponsored content