The information of thousands of Canadians has been accessed inappropriately by Canada Revenue Agency employees, CTV News has learned.

The CRA confirmed in a statement to CTV News that there were 264 privacy breaches between Nov. 4, 2015 and Nov. 27, 2018.

They said that a total of 41,361 Canadians were impacted. Of those people, 37,502 were deemed to face a “low risk of injury” and weren’t contacted by CRA.

The CRA said that it has notified 1,640 of the affected individuals and is in the process of sending letters to 34 more.

“For a number of other reasons, 2,185 individuals were not notified,” the CRA added, pointing out that some individuals were deceased or there was no address available.

Conservative national revenue critic Pat Kelly said that it’s unacceptable that information like a person’s income was accessed inappropriately.

The CRA said that 182 of the 264 CRA employees who accessed data without authorization have been disciplined, 36 face a pending decision and 46 have “left” the CRA.

Kelly said that Canadians need to know that CRA employees who improperly access information will face proper consequences.

“They need to make clear that employees are disciplined or terminated when they do inappropriately access information,” he added.

Tobi Cohen, a spokesperson for the Office of the Privacy Commissioner, noted that the office had conducted an audit of the CRA in 2013 and that the agency claims to have “substantially or fully implemented all measures that we recommended.”

“The Agency reported that it made several important improvements to its management of personal information, including introducing new policies, increasing corporate oversight and ensuring more timely assessment of privacy and security risks,” Cohen said.

“The fact that unauthorized/inappropriate access by employees is still happening at all, despite the measures CRA has taken, remains an ongoing concern,” Cohen added.

Deb Schulte, parliamentary secretary to the minister of National Revenue, said the government takes the matter seriously and has invested $10 million on prevention.

“We now have an enterprise fraud management system that reveals every time someone is in where they shouldn’t be,” said Liberal MP Schulte. The software was implemented in 2017.

“For us, one breach is too many,” she said.