Get money-saving tips in your inbox.

Stay on top of personal finance tips from our money experts!

News & Resources

CRA Resumes Online Services Following Several Cyberattacks

Aug. 21, 2020
3 mins
Close up shot of two men on a couch, both of them looking at their mobile devices

The Canada Revenue Agency (CRA) has resumed all online services. The CRA My Account, My Business Account, and Represent a Client portal were deactivated earlier this week following several cyberattacks targeting COVID-19 benefits and breaching thousands of Canadians’ accounts and personal data.

Hackers used a series of “credential stuffing” attacks on both the CRA and GCKey service—a portal used by roughly 30 federal departments—using usernames and passwords fraudulently obtained in other hacks. The cyber-thieves took advantage of the fact many people reuse the same or similar passwords across their accounts.

Some of the affected individuals noticed these indicators:

  • Changes in the email address used on the CRA My Account
  • Direct deposit information issued to new bank accounts
  • Applications for the Canada Emergency Response Benefit (CERB) or other benefits made without their knowledge

However, many of the impacted users were alerted to the breach by an official email from the CRA.

In a statement from the Treasury Board of Canada Secretariat, the government suggested approximately 5,500 CRA accounts and 9,041 GCKey accounts were compromised.

CRA service disruptions

Unfortunately, Canadians were unable to access the COVID-19 aid measures online during the CRA service disruptions.

  • CERB: The COVID-19 emergency benefit provides Canadians who have been financially impacted by the pandemic with $2,000 every four weeks and requires applicants to reapply at the end of each payment period.
  • Canada Emergency Student Benefit (CESB): Eligible students who have been unable to work due to COVID-19 can receive $1,250 per four-week period or $2,000 per month if the student has dependents or a disability.
  • Canada Emergency Wage Subsidy (CEWS): Employers who have seen a drop in revenue may qualify for this benefit to cover part of employee wages. Monday, August 17, 2020, was the first day employers could apply for the updated CEWS program.
  • Tax owing: Many taxpayers use the online CRA portal to pay their personal and business tax amounts owing and installment payments for the 2020 tax year. The CRA extended the deadline for personal, corporate, and trust income tax amounts due to September 30, 2020.

However, the CRA and Service Canada phone lines remained open for those requiring access.

Account updates and additional security measures

As a precaution, the CRA services were unavailable to Canadians and affected GCKey accounts were cancelled. During this time, additional security features were installed, addressing the vulnerabilities on the web service.

The CRA or affected federal department will contact impacted individuals to confirm their identities and provide instructions on how to receive a new GCKey or restore their account.

Both the federal privacy commissioner and the RCMP are investigating the cybercrime to determine how much information was acquired.

CRA security modifications

The government has modified its systems and added security features to fend off the persistent cyber-threats and detect future attacks. Users can now set up a unique personal identification number on their account to safeguard their details.

At home cybersecurity measures

Since the start of the pandemic, the emergency benefits have been a hot target for thieves to initiate scams, fraud and theft. Popular techniques include texting scams, identity theft, and forged CERB cheques.

Here are a few steps you can take to identify potential scams and protect your online data:

  • Change your password regularly (avoid using the same or similar passcodes to other accounts)
  • Enable email notifications where the feature is available (CRA My Account)
  • Never use public Wi-Fi networks to access personal accounts (bank, CRA etc.)
  • Never respond to fraudulent communications (email, text, phone)

If you are unsure of the legitimacy of the communication, the CRA has created a list of guidelines for the types of questions and details you can expect from the agency to verify their authenticity.

Hayley Osmond

Hayley Osmond is an editor and writer in the personal finance space, where she uses her eight years of media and marketing experience to bring content to life. She specializes in money products, including mortgages, home and auto insurance, and credit cards. Hayley holds a Broadcast Journalism diploma from Sheridan College and was awarded the Shaw Media Journalism and Media Award for graduating at the top of her class. Her work has appeared in Global News and diverse digital corporate training materials behind the scenes.

Hayley is passionate about making complex subjects, such as home buying and financial literacy, concise and intriguing. Her work has garnered media coverage from The Globe and Mail, blogTO, Yahoo! News, and CityNews 680 and has been syndicated across other publications.

Latest Credit Card Articles

Is debt consolidation right for you?
Debt consolidation is one way to reduce monthly bill payments and get out of debt sooner. But there are some downsides. Here's what you need to know.
3 mins read
Do you need personal cybercrime insurance?
In 2022, Canadians lost $530 million to fraud and cybercrime. Learn how to shield your digital life and finances against these threats.
4 mins read
How to break down the value of a credit card
It’s not about finding the ‘best’ credit card in the market, but rather the best one for you. 
7 mins read

Subscribe to our newsletter

Stay on top of our latest offers, relevant news and tips!

Thanks for joining!

You'll be hearing from us shortly - stay tuned.