The Canada Revenue Agency has temporarily disabled its online services following news of two separate cyberattacks that compromised thousands of its accounts.
In a statement Sunday, the CRA confirmed that online services were being disabled as an “additional precaution,” on top of the links between its My Account and My Service Canada also being shut down temporarily. The CRA has not provided a timeline for when the online services would be restored.
In two separate incidents, about 5,500 CRA accounts were impacted as of Aug. 14. Hackers were then able to access some users’ My Account, My Business Account and Represent a Client of certain individuals functions on the CRA website.
The CRA’s online service shutdown means that, in effect, anyone trying to apply for emergency COVID-19 benefits such as the Canada Emergency Response Benefit (CERB) or the Canada Emergency Student Benefit will be unable to do so until services resume.
“The CRA quickly identified the impacted accounts and disabled access to these accounts to ensure the safety and security of the taxpayer’s information,” read a statement from a CRA spokesperson.
“The CRA is continuing to analyze both incidents. Law enforcement assistance has been requested from RCMP and an investigation has been initiated.”
In a statement Saturday, the Treasury Board of Canada Secretariat said that hackers had obtained and attempted to use the GCKey passwords and usernames of 9,041 people.
GCKey is an online authentication system which allows people to access dozens of government departments, including Service Canada and Refugees and Citizenship Canada.
According to the Treasury Board of Canada Secretariat, hackers were successful in accessing government services online for about a third of the affected accounts. The federal government has since disabled access to the hacked accounts, and are in contact with individuals who have been affected.
— With files from Kerri Breen