Menu

Topics

TV Programs

Connect

Local

your local region

National

Share

Share this item via WhatsApp whatsapp Share this item on Flipboard flipboard Share this item on Reddit reddit

Calendar

Calendar

Search

Quick Search

  •  
  •  
  •  
  •  
  •  
  •  

Trending Now

  •  
     
  •  
     
  •  
     
  •  
     
  •  
     
  •  
     

Add Global News to Home Screen

Instructions:

  1. Press the share icon on your browser
  2. Select Add to Home Screen
  3. Press Add

Comments

Want to discuss? Please read our Commenting Policy first.

Video link
Headline link
Advertisement
Canada

CRA resumes online services after cyberattacks, adds new security features

By Staff The Canadian Press
Posted August 19, 2020 9:18 pm
2 min read
Click to play video: 'Nearly 9,000 GC Key accounts were hacked during CRA cyber attack, feds say'
Nearly 9,000 GC Key accounts were hacked during CRA cyber attack, feds say
WATCH: Nearly 9,000 GC Key accounts were hacked during CRA cyber attack, feds say – Aug 17, 2020
Share this item via WhatsApp

Share

Share this item via WhatsApp whatsapp Share this item on Flipboard flipboard Share this item on Reddit reddit

The Canada Revenue Agency has resumed all online services after fraudsters used thousands of pilfered usernames and passwords to obtain government services.

The agency disabled the services Saturday after discovering more than 5,000 accounts had been the target of three cyberattacks.

Online access to “My Business Account” resumed Monday and all others were brought back online Wednesday evening.

The agency says it regrets the impacts on Canadians and has modified all its security systems to protect against future cyberattacks.

All individuals affected by the cybersecurity breaches will receive a letter from the CRA explaining how to confirm their identity in order to protect and restore access to their account.

Story continues below advertisement

The agency urges everyone using its online services to update their accounts with unique passwords they don’t use for any other purpose.

Click to play video: 'CRA shuts down online services after cyberattacks'
CRA shuts down online services after cyberattacks

It also recommends all CRA “My Account” users enable email notifications as an additional measure of security.

Breaking news from Canada and around the world sent to your email, as it happens.

They can also opt to use a new security feature that will allow them to set up a unique personal identification number to open an account.

About 5,600 CRA accounts were targeted in what the CRA has described as “credential stuffing” schemes, in which hackers used passwords and usernames from other websites to access Canadians’ CRA accounts.

Trending Now

The first of three attacks last week took aim at the GCKey service, which is used by about 30 federal departments and allows Canadians to access services like the My Service Canada account.

Story continues below advertisement

By using the previously stolen usernames and passwords, the perpetrators were able to fraudulently acquire about 9,000 of the some 12 million GCKey accounts.

Click to play video: 'CRA portal was shut down after large amount of traffic, government official says'
CRA portal was shut down after large amount of traffic, government official says

Separately, CRA’s system was hit by credential stuffing attacks. The perpetrators were able to use previously hacked credentials to access the CRA portal. They were also able to exploit a vulnerability that allowed them to bypass the CRA security questions and get into thousands more accounts.

In addition, the CRA portal was directly targeted with a large amount of traffic trying to attack the services through credential stuffing.

More on Canada
© 2020 The Canadian Press

Sponsored content

AdChoices