Credential Stuffing Attacks Shut Down Canada’s Revenues Service

The Canada Revenue Agency is investigating two online hacking incidents affecting the personal information of thousands of Canadians, according to CBC News.

The Canada Revenue Agency has temporarily shut down its online services, which means that anyone attempting to apply for emergency COVID-19 benefits, such as the Canada Emergency Response Benefit or the Canada Emergency Student Benefit, will be unable to do so until further notice.

“The CRA quickly identified the impacted accounts and disabled access to these accounts to ensure the safety and security of the taxpayer’s information,” CRA spokesperson Christopher Doody wrote in an email. “The CRA is continuing to analyze both incidents. Law enforcement assistance has been requested from RCMP and an investigation has been initiated.”

While the breaches have been contained, services connected to My Account, My Business Account and Represent a Client on the CRA website have been disabled as an additional safety measure.

Canadians attempting to log in to their Canada Revenue Agency accounts are met with a message informing them that they will not be able to access their accounts until further notice.

Earlier this month, Canadians began reporting online that email addresses associated with their CRA accounts had been changed, that their direct deposit information was altered and that CERB payments had been issued in their name even though they had not applied for the COVID-19 benefit.

The incidents are a type of attack known as “credential stuffing,” the Treasury Board’s Office of the Chief Information Officer shared in a statement.

“These attacks, which used passwords and usernames collected from previous hacks of accounts worldwide, took advantage of the fact that many people reuse passwords and usernames across multiple accounts.”

Cases such as this could be prevented through new-school security awareness training. Users can learn how to spot the warning signs as they continue to work in a remote environment.

CBC News has the full story.

** Optrics Inc. is an Authorized KnowBe4 partner


Find out how affordable new-school security awareness training is for your organization. Get a quote now.


The original article can be found here:

https://blog.knowbe4.com/credential-stuffing-attacks-shut-down-canadas-revenues-service

About the Author: Shannon Lewis

Leave a Reply