The Canada Revenue Agency is once again the victim of being pwned. This time it looks like they got pwned via a supply chain attack. Here’s what went down:
At the height of this year’s tax season, the Canada Revenue Agency discovered that hackers had obtained confidential data used by one of the country’s largest tax preparation firms, H&R Block Canada.
Imposters used the company’s confidential credentials to get unauthorized access into hundreds of Canadians’ personal CRA accounts, change direct deposit information, submit false returns and pocket more than $6 million in bogus refunds from the public purse, an investigation by CBC’s The Fifth Estate and Radio-Canada has found.
In one case, the hackers filed a return with a legitimate postal code, but a fake address on a non-existent Tomato Street.
“Obviously the door is open and some people are infiltrating the system,” André Lareau, an associate tax professor at Laval University in Quebec City, said in an interview. “But the CRA does not seem to have found the key to lock the door.”
According to sources, the crisis prompted the CRA to contact the office of Revenue Minister Marie-Claude Bibeau.
How many Canada Revenue Agency accounts could we be talking about? How about this:
In answers to questions from The Fifth Estate/Radio-Canada, the CRA admitted it has been hit with more than 31,468 “material” privacy breaches from March 2020 to December 2023, affecting 62,000 individual Canadian taxpayers.
This is pretty bad. And given that the Canada Revenue Agency has been pwned so many times over the years, which has led to a lawsuit over their last round of getting pwned, you’d think that they would up their game. But clearly that’s not the case. And Canadians should expect not only answers about why getting pwned is still a problem with the Canada Revenue Agency, but concrete steps on how they are going to stop getting pwned. In the meantime, I would encourage all Canadians to check their Canada Revenue Agency accounts to make sure that they are not victims of this. And I would do that ASAP.
Like this:
Like Loading...
Related
This entry was posted on October 28, 2024 at 10:03 am and is filed under Commentary with tags Hacked. You can follow any responses to this entry through the RSS 2.0 feed.
You can leave a response, or trackback from your own site.
Canada Revenue Agency Taxpayer Accounts Pwned To Steal Money
The Canada Revenue Agency is once again the victim of being pwned. This time it looks like they got pwned via a supply chain attack. Here’s what went down:
At the height of this year’s tax season, the Canada Revenue Agency discovered that hackers had obtained confidential data used by one of the country’s largest tax preparation firms, H&R Block Canada.
Imposters used the company’s confidential credentials to get unauthorized access into hundreds of Canadians’ personal CRA accounts, change direct deposit information, submit false returns and pocket more than $6 million in bogus refunds from the public purse, an investigation by CBC’s The Fifth Estate and Radio-Canada has found.
In one case, the hackers filed a return with a legitimate postal code, but a fake address on a non-existent Tomato Street.
“Obviously the door is open and some people are infiltrating the system,” André Lareau, an associate tax professor at Laval University in Quebec City, said in an interview. “But the CRA does not seem to have found the key to lock the door.”
According to sources, the crisis prompted the CRA to contact the office of Revenue Minister Marie-Claude Bibeau.
How many Canada Revenue Agency accounts could we be talking about? How about this:
In answers to questions from The Fifth Estate/Radio-Canada, the CRA admitted it has been hit with more than 31,468 “material” privacy breaches from March 2020 to December 2023, affecting 62,000 individual Canadian taxpayers.
This is pretty bad. And given that the Canada Revenue Agency has been pwned so many times over the years, which has led to a lawsuit over their last round of getting pwned, you’d think that they would up their game. But clearly that’s not the case. And Canadians should expect not only answers about why getting pwned is still a problem with the Canada Revenue Agency, but concrete steps on how they are going to stop getting pwned. In the meantime, I would encourage all Canadians to check their Canada Revenue Agency accounts to make sure that they are not victims of this. And I would do that ASAP.
Share this:
Like this:
Related
This entry was posted on October 28, 2024 at 10:03 am and is filed under Commentary with tags Hacked. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.