Canada taxpayer data stolen in ‘Heartbleed’ breach

By Reuters
Monday, April 14, 2014 10:20 EDT
google plus icon
  • Print Friendly and PDF
  • Email this page

OTTAWA (Reuters) – Canada’s tax-collection agency reported on Monday that the private information of some 900 people had been stolen from its computer systems as a result of vulnerabilities caused by the ‘Heartbleed’ bug.

The breach allowed someone to extract social insurance numbers, which are used for employment and gaining access to government benefits, and possibly some other data, the Canada Revenue Agency said.

“Regrettably, the CRA has been notified by the government of Canada’s lead security agencies of a malicious breach of taxpayer data that occurred over a six-hour period,” the CRA said in a statement.

“Based on our analysis to date, Social Insurance Numbers (SIN) of approximately 900 taxpayers were removed from CRA systems by someone exploiting the Heartbleed vulnerability. We are currently going through the painstaking process of analyzing other fragments of data, some that may relate to businesses, that were also removed,” it said.

Police are investigating and the country’s privacy commissioner has been informed, it said.

Right in the heart of tax-filing season, the CRA shut down access to its online services last Wednesday because of the bug, which is found in widely used Web encryption technology and is one of the most serious security flaws uncovered in recent years.

(Reporting by Louise Egan; Editing by Jeffrey Hodgson and James Dalgleish)

Reuters.com brings you the latest news from around the world, covering breaking news in business, politics, technology, and more.
By commenting, you agree to our terms of service
and to abide by our commenting policy.