A man from Bedford, N.S., is sharing his experience of having his personal information stolen in the hopes of warning others.
Len Goucher says he was among the 5,500 individuals whose information was compromised during a series of cyberattacks on the Canada Revenue Agency (CRA).
The CRA announced the security breach in August, saying that thousands of usernames and passwords were compromised.
Initially, Goucher wasn’t worried. He knew the CRA was alerting individuals affected and didn’t receive any sort of notification, but then later that month he grew concerned when his Canada Pension Plan (CPP) payment was never deposited into his account.
“I noticed the (Old Age Security) was there but the CPP wasn’t. My wife’s was there, but mine wasn’t,” said Goucher.
After making some calls, he learned the payment had been deposited but into a different account.
“The account was in my name in Orleans, Ont., and in the account was my CPP,” he said.
In addition to CPP, the account also had two Canada Emergency Response Benefit (CERB) deposits of $2,000 each.
Goucher is retired so he knew he didn’t qualify for CERB and immediately alerted the CRA, as well as the RCMP. His account has since been frozen and he will have to personally call before accessing anything.
It’s inconvenient, Goucher says, but adds he is glad he was able to catch things early. However, he knows that not everyone is so lucky.
In a statement, the Canada Revenue Agency said it has noticed an increase in scams targeting taxpayers in the past few years with a focus on the Canada Emergency Response Benefit.
Goucher says he is frustrated at the lack of communication from the CRA. It was only after he sorted out the issue, in September, that he finally received a letter from the CRA alerting him of possible fraudulent activity, and even then he says the letter does not acknowledge the CRA had any security breach.
“Regrettably we have been made aware that the login credentials that you use to access certain online sites and applications such as user IDs and passwords may have been acquired and used by external actors,” the letter reads.
“They tried to make it look like it was my fault, and that’s wrong,” said Goucher.
“I didn’t do anything wrong and I’m sure anybody in that breach, none of them did anything wrong.”
Goucher says he would like the CRA to be more transparent with taxpayers affected, and to ensure they take their own cybersecurity seriously.
Goucher has thankfully had his CPP redirected back to his account and is speaking out to encourage everyone to keep a close eye on all accounts and report anything suspicious.
“You’ve got to check your accounts because if you don’t, things can go south very very quickly.”
“We want to assure all confirmed victims of identity fraud that they will not be held responsible for any money paid out to scammers using their identity,” reads the statement provided by the CRA.
“Also, the victims of identity fraud who are eligible for benefit payments will still receive those payments.”
Goucher says he is still worried that someone out there has his personal information and is not sure if there are other accounts that have been opened in his name that he is not aware of yet, but for now he’s taking things one step at a time.
“These hackers they’re getting more creative, more deceptive and more covert so every month you’ve got to check, you really have to check because you just don’t know what’s going on behind your back.”