User Credentials From The Canada Revenue Agency Are Floating Around The Dark Web…. Yikes!!

Clearly the Canada Revenue Agency has a serious IT security problem as two days ago an unknown number of accounts were locked as a precaution. Though the CRA wouldn’t provide details. Now we have those details. Apparently around 100000 accounts were locked because leaked login info was found on the dark web. Which of course is not good:

If you received an unexpected and cryptic email on Feb. 16 from CRA warning you that your email had been deleted from the agency’s web platform, MyCRA, do not worry: your account has not been breached.

In fact, the agency says it means that their new early cyber security issue detection system is working (though the communication strategy will be reviewed and it “regrets the inconvenience.”)

But that also means your login data has probably been compromised through a third-party breach and you will need to contact CRA in order to regain access to your online account, particularly if you plan on filing your 2020 taxes online starting next week.

“To be clear, these accounts were not impacted by a cyber attack at the CRA. These accounts have not been compromised and the action taken to lock the accounts was a preventative measure,” agency spokesperson Christopher Doody said in an emailed statement.

Steps on how to regain access to their online account will be sent to affected taxpayers by mail, he added.

I’m sorry, but this is a #fail on so many levels. First, simply sending an email out saying that your Canada Revenue Agency account has been locked is going to freak people out. That’s because the history of the Canada Revenue Agency when it comes to IT security quite frankly sucks as they have been repeatedly pwned by hackers. Thus if you get one of these emails, you are going to assume that hackers have pwned them again. It also doesn’t inspire confidence. I get that the Canada Revenue Agency was trying to act in the best interest of Canadians, but they way that they did it really isn’t fit for purpose. Hopefully they not only provide details about how these 100000 or so accounts were compromised, but they also rethink their communication strategy.

One Response to “User Credentials From The Canada Revenue Agency Are Floating Around The Dark Web…. Yikes!!”

  1. […] accounts tomorrow due to “cybersecurity risks”. This sounds similar to what happened less than a month ago where 100,000 other Canadians had their accounts locked as their credentials were allegedly floating around the dark web. Those who are affected by this […]

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: