Class Action Lawsuit Filed Over CRA Hack

Given how easily hackers appear to have used the personal information of Canadians to get their hands on COVID-19 benefits and how shambolic the response has been, as well as how lame the security measures that were put in place after this hack, I am not at all surprised that there’s now a class action lawsuit over this whole affair. CBC News has the details:

The lawsuit alleges that a series of “failings” by the government and the Canada Revenue Agency (CRA) allowed at least three cyberattacks between mid-March and mid-August, but the public wasn’t alerted until CBC News broke the story on Aug. 15.

The Treasury Board and the CRA held a news briefing to confirm the security breaches Aug. 17.

The proposed class proceeding claims the delayed detection of the hacks caused the number of victims to balloon to at least 14,500.

“The actions of the [CRA] are reprehensible,” states the claim, “and showed a callous disregard for the rights of [victims].” 

It alleges the agency’s conduct was “a deliberate … departure from ordinary standards of decent behaviour, and as such merits punishment.”

The CRA has blamed “a vulnerability in security software” for the online breaches, and has said it wasn’t aware of the first cyberattack until Aug. 7.

The agency and the federal government have yet to file a legal response.

And what’s really interesting is the fact that the lawsuit alleges that the government was hasty in implementing COVID-19 benefits and didn’t take the time and effort to make sure that they could be securely delivered:

The legal action alleges the CERB and CESB were “implemented hastily,” without adequate security measures.

As a result, it claims hackers were able to steal the personal information of applicants — including social insurance numbers, home addresses, bank account details and tax information — and use the stolen data to impersonate victims, change addresses and direct deposit information and file fraudulent claims under the emergency programs.

The lawsuit alleges the victims have been hit with a double whammy: their aid applications have been frozen while the breaches are investigated, causing financial strain, plus they will have to guard against identity theft for the rest of their lives.

I’ve said before that people within the government need to be held accountable for this mess. A class action lawsuit is a great way to do that because assuming that the government doesn’t settle out of court first, all the facts will come out in court under oath. That’s not going to look good for those in the government who were responsible for this fiasco. I for one hope that the government loses big as protecting the personal information of Canadians needs to be their number one priority 100% of the time.

2 Responses to “Class Action Lawsuit Filed Over CRA Hack”

  1. Steve Barnes Says:

    How does one determine if his/her data was specifically included in the CRA hack? If it was, how does one join the class-action lawsuit?

Leave a Reply

%d bloggers like this: