CRA Locks 800,000 Canadians Out of Online Accounts, Over Hacking Fears

According to CTV News, the Canada Revenue Agency (CRA) has suspended 800,000 Canadian taxpayers’ access to their online accounts as a precautionary measure against a potential data leak that may have landed their usernames and passwords in the wrong hands.

This is not the first time the CRA has ran into a breach of their cybersecurity, as a cyber-attack last year rendered taxpayers unable to log in to their accounts, and another data leak just last month compromised the usernames and passwords of many accounts.

This time around, however, the CRA says the potential data leak was not caused by a hack, but that the leaked information was obtained by unknown parties through a massive email phishing campaign and/or third-party breaches.

“Like the accounts that were locked in February, these user IDs and passwords were not compromised as a result of a breach of CRA’s online systems, rather they may have been obtained by unauthorized third parties and through a variety of means by sources external to the CRA”, said the CRA in a statement.

“The total number of accounts impacted is roughly 800 thousand,” added the CRA.

Users trying to log into a suspended account will receive an error message informing them that their CRA account has been revoked. In addition, the owners of the revoked accounts will also be notified by the CRA via email (or post).

Taxpayers locked out of their accounts can regain access by going to the CRA login page and creating a new CRA user ID and password, or by using a different login method associated with their existing CRA account.

The CRA says the matter should be fully resolved by March 22. With tax season on the horizon, any Canadians impacted by the data leak should get their CRA accounts sorted out sooner rather than later.