More than 5,000 CRA accounts targeted in recent cyberattacks


Published August 16, 2020 at 2:26 pm


The federal government says it’s responding to recent cyberattacks that targeted a large number of Canada Revenue Agency (CRA) accounts and GCKey accounts.

The attacks, deemed “credential stuffing”, used passwords and usernames collected from previous hacks of accounts worldwide to take advantage of the fact that many people reuse passwords and usernames across multiple accounts.

“Approximately 5,500 CRA accounts were targeted as part of the GCKey attack and another recent “credential stuffing” attack aimed at the CRA,” the federal government said in a statement on Saturday.

“Access to all affected accounts has been disabled to maintain the safety and security of taxpayers’ information and the Agency is contacting all affected individuals and will work with them to restore access to their CRA MyAccount.”

Additionally, of the roughly 12 million active GCKey accounts in Canada, the passwords and usernames of 9,041 users were acquired fraudulently and used to try and access government services, a third of which successfully accessed such services and are being further examined for suspicious activity.

“Affected GCKey accounts were cancelled as soon as the threat was discovered and departments are contacting users whose credentials were revoked to provide instructions on how to receive a new GCKey,” said the government.

The government and RCMP are continuing their investigation and working to determine if there have been any privacy breaches and if information was obtained from these accounts.

The Office of the Privacy Commissioner has also been contacted and alerted to possible breaches.

To reduce the risk of cyberattacks, residents are advised to always use a unique password for all online accounts and regularly monitor all online accounts for suspicious activity.

“The safety and security of Canadians, and their information, is the Government of Canada’s top priority. We continue to actively investigate these attacks and are taking swift action to implement additional security features as the investigation continues.”

Photo courtesy of The Canadian Press

insauga's Editorial Standards and Policies advertising