CRA says it locked users' online accounts because of external threat
OTTAWA -- The Canada Revenue Agency says online accounts were locked after an internal analysis found some user credentials may be in the hands of "unauthorized" individuals outside of the organization, CTV News has learned.
After confirming on Wednesday the sudden "precautionary" measure was not due to a cyber security threat, the CRA later acknowledged information like user IDs and passwords were obtained "through a variety of means by sources external to the CRA."
The move had also prompted a notification from the CRA informing some users that their email address had been removed from their account, causing a flurry of concern and confusion online.
Some complained of receiving "ERR.021" and "CER.019" error codes, and said they’d been trying to call the agency for a week about the issue.
"To prevent unauthorized access to these accounts, we took swift action to lock the accounts and are in the process of contacting the legitimate account holders to unlock their accounts," the CRA statement reads.
They go on to say that calling the agency is unnecessary, unless those targeted are applicants of the government’s emergency COVID-19 benefit with active applications.
"We will prioritize these calls to minimize delays in the delivery of these crucially important emergency benefits," the agency said.