Advertisement

Halifax-area man shares his experience after CRA cyberattack

Click to play video: 'Bedford man says he’s frustrated CRA did not properly inform of security breach'
Bedford man says he’s frustrated CRA did not properly inform of security breach
A Bedford man who had his personal information stolen says he’s frustrated the CRA did not properly inform him he was part of the security breach this summer. Alicia Draus has the details. – Sep 15, 2020

A man from Bedford, N.S., is sharing his experience of having his personal information stolen in the hopes of warning others.

Len Goucher says he was among the 5,500 individuals whose information was compromised during a series of cyberattacks on the Canada Revenue Agency (CRA).

The CRA announced the security breach in August, saying that thousands of usernames and passwords were compromised.

Initially, Goucher wasn’t worried. He knew the CRA was alerting individuals affected and didn’t receive any sort of notification, but then later that month he grew concerned when his Canada Pension Plan (CPP) payment was never deposited into his account.

“I noticed the (Old Age Security) was there but the CPP wasn’t. My wife’s was there, but mine wasn’t,” said Goucher.

Story continues below advertisement

After making some calls, he learned the payment had been deposited but into a different account.

“The account was in my name in Orleans, Ont., and in the account was my CPP,” he said.

Click to play video: 'Better Business Bureau shares cyber tips after CRA hack'
Better Business Bureau shares cyber tips after CRA hack

In addition to CPP, the account also had two Canada Emergency Response Benefit (CERB) deposits of $2,000 each.

For news impacting Canada and around the world, sign up for breaking news alerts delivered directly to you when they happen.

Get breaking National news

For news impacting Canada and around the world, sign up for breaking news alerts delivered directly to you when they happen.
By providing your email address, you have read and agree to Global News' Terms and Conditions and Privacy Policy.

Goucher is retired so he knew he didn’t qualify for CERB and immediately alerted the CRA, as well as the RCMP. His account has since been frozen and he will have to personally call before accessing anything.

It’s inconvenient, Goucher says, but adds he is glad he was able to catch things early. However, he knows that not everyone is so lucky.

In a statement, the Canada Revenue Agency said it has noticed an increase in scams targeting taxpayers in the past few years with a focus on the Canada Emergency Response Benefit.

Story continues below advertisement

Goucher says he is frustrated at the lack of communication from the CRA. It was only after he sorted out the issue, in September, that he finally received a letter from the CRA alerting him of possible fraudulent activity, and even then he says the letter does not acknowledge the CRA had any security breach.

“Regrettably we have been made aware that the login credentials that you use to access certain online sites and applications such as user IDs and passwords may have been acquired and used by external actors,” the letter reads.

“They tried to make it look like it was my fault, and that’s wrong,” said Goucher.

“I didn’t do anything wrong and I’m sure anybody in that breach, none of them did anything wrong.”

Goucher says he would like the CRA to be more transparent with taxpayers affected, and to ensure they take their own cybersecurity seriously.

Goucher has thankfully had his CPP redirected back to his account and is speaking out to encourage everyone to keep a close eye on all accounts and report anything suspicious.

“You’ve got to check your accounts because if you don’t, things can go south very very quickly.”

Story continues below advertisement
Click to play video: 'Thousands of CRA, government service accounts targeted by hackers in ‘credential stuffing’ attacks'
Thousands of CRA, government service accounts targeted by hackers in ‘credential stuffing’ attacks

“We want to assure all confirmed victims of identity fraud that they will not be held responsible for any money paid out to scammers using their identity,” reads the statement provided by the CRA.

“Also, the victims of identity fraud who are eligible for benefit payments will still receive those payments.”

Goucher says he is still worried that someone out there has his personal information and is not sure if there are other accounts that have been opened in his name that he is not aware of yet, but for now he’s taking things one step at a time.

“These hackers they’re getting more creative, more deceptive and more covert so every month you’ve got to check, you really have to check because you just don’t know what’s going on behind your back.”

Advertisement

Sponsored content

AdChoices