CRA locking 800K Canadian taxpayers out of accounts
OTTAWA -- The Canada Revenue Agency is locking out 800,000 users from their online accounts on Saturday, out of fear that people’s usernames and passwords have been hacked.
Citing the cybersecurity risk of having this information in the hands of potentially bad actors, obtained through email phishing schemes or third party data breaches, the CRA says the move is precautionary.
“Like the accounts that were locked in February, these user IDs and passwords were not compromised as a result of a breach of CRA’s online systems, rather they may have been obtained by unauthorized third parties and through a variety of means by sources external to the CRA,” said the CRA in a statement.
“The total number of accounts impacted is roughly 800 thousand,” said the CRA.
The agency said that unlike what happened in February, it wanted to warn people ahead of time that the access to their accounts may be down, given it’s tax time.
If attempts are made to log in to a frozen account, the user will receive an error message informing them that their CRA user ID has been revoked.
Impacted individuals will be contacted by the email address associated with their accounts, or if there was not one on file, by mail.
Taxpayers can re-gain access to their CRA account by going to the CRA login page and creating a new CRA user ID and password or by using a different login method associated with their CRA account, the agency says.
It may take until March 22 for the issues to be resolved, but after that date, if users are unable to log in they should call the CRA.
As part of its ongoing monitoring the agency keeps an eye on any government-used usernames and passwords that go up for sale on the dark web and the CRA then moves to lock these accounts. This can happen when people use the same login information across multiple websites.
“All Canadians should monitor their CRA accounts for any suspicious activity including unsolicited changes to banking, mailing address or benefit applications made on their behalf. In addition, passwords should be updated regularly,” said the CRA.
With files from CTV News’ Kevin Gallagher