Thousands of CRA and government accounts disabled after cyberattack

Thousands of CRA and government accounts disabled after cyberattack
Share this article

OTTAWA — Hackers used more than 9,000 stolen usernames and passwords to apply for government services, and also targeted about 5,500 Canada Revenue Agency accounts, the federal government said in an announcement.

The RCMP is investigating whether the hack led to any privacy breaches or stolen information from the accounts, which have been disabled, the Treasury Board of Canada Secretariat said on Saturday.

The 9,000 hijacked accounts have been cancelled, and the approximately 3,000 accounts that were successful in getting government services are being investigated.

The 5,500 CRA accounts that were separately targeted have been disabled, and owners are being contacted, said the government.

The cyberattacks used a technique called credential stuffing to target a system used by 12 million users and about 30 federal departments, including immigration accounts.

The attackers used passwords and usernames collected from previous hacks of accounts worldwide, and “took advantage of the fact that many people reuse passwords and usernames across multiple accounts,” the government said.

This report by The Canadian Press was first published Aug. 16, 2020.

The Canadian Press

Related posts

Leave a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.