Yesterday, I posted a story on the Canada Revenue Agency site being shut down over the weekend. At the time the CRA posted this as the reason:
The CRA takes the protection of Canadians’ tax information very seriously. Upon becoming aware of an internet vulnerability that affected some computer servers used by websites worldwide, the CRA acted quickly to temporarily take down our online services, including electronic filing, and put in place the necessary maintenance security patches to ensure that all information and systems remained safe. We took this action as a precaution, not as the result of a successful hack or breach.
Well. The story seems to have changed. Sort of. Here’s what the CBC said after a news conference that was held yesterday on the matter:
Federal government officials say no personal information was compromised by a software security risk that prompted a two-day shutdown of Canada Revenue Agency’s online tax services.
The issue with the open source software called Apache Struts 2, which is used widely around the world in the public and private sector, prompted the CRA filing portals to go offline Friday. Services were restored late Sunday afternoon.
During a briefing with reporters in Ottawa Monday, officials also revealed that Statistics Canada’s website was hacked, but said only data that was already publicly available was accessed from what they called a “soft target.”
Jennifer Dawson, deputy chief information officer for the Treasury Board of Canada Secretariat, said IT security disabled affected servers and patched the cracks before returning digital services back to normal.
“Due to our quick and proactive approach, we’re confident that we’ve prevented government information, including the personal information of Canadians, from being breached,” she said. “We’ve seen no evidence of this information being compromised.”
So… While they did take a proactive stance on this, there was a hack of sorts. Though not with the CRA. So while the story that the CRA put out there remains true, it’s can be argued that it is true from a certain point of view as there’s clearly more to it than what has been put forward thus far. It might be wise for the CRA and any other part of the government that are involved in this to get the full story out there rather than have it leak out bit by bit. I say that because I have a feeling that this story is far from over.