News & Resources

CRA Resumes Online Services Following Several Cyberattacks

Aug. 21, 2020
3 mins
Close up shot of two men on a couch, both of them looking at their mobile devices

The Canada Revenue Agency (CRA) has resumed all online services. The CRA My Account, My Business Account, and Represent a Client portal were deactivated earlier this week following several cyberattacks targeting COVID-19 benefits and breaching thousands of Canadians’ accounts and personal data.

Hackers used a series of “credential stuffing” attacks on both the CRA and GCKey service—a portal used by roughly 30 federal departments—using usernames and passwords fraudulently obtained in other hacks. The cyber-thieves took advantage of the fact many people reuse the same or similar passwords across their accounts.

Some of the affected individuals noticed these indicators:

  • Changes in the email address used on the CRA My Account
  • Direct deposit information issued to new bank accounts
  • Applications for the Canada Emergency Response Benefit (CERB) or other benefits made without their knowledge

However, many of the impacted users were alerted to the breach by an official email from the CRA.

In a statement from the Treasury Board of Canada Secretariat, the government suggested approximately 5,500 CRA accounts and 9,041 GCKey accounts were compromised.

CRA service disruptions

Unfortunately, Canadians were unable to access the COVID-19 aid measures online during the CRA service disruptions.

  • CERB: The COVID-19 emergency benefit provides Canadians who have been financially impacted by the pandemic with $2,000 every four weeks and requires applicants to reapply at the end of each payment period.
  • Canada Emergency Student Benefit (CESB): Eligible students who have been unable to work due to COVID-19 can receive $1,250 per four-week period or $2,000 per month if the student has dependents or a disability.
  • Canada Emergency Wage Subsidy (CEWS): Employers who have seen a drop in revenue may qualify for this benefit to cover part of employee wages. Monday, August 17, 2020, was the first day employers could apply for the updated CEWS program.
  • Tax owing: Many taxpayers use the online CRA portal to pay their personal and business tax amounts owing and installment payments for the 2020 tax year. The CRA extended the deadline for personal, corporate, and trust income tax amounts due to September 30, 2020.

However, the CRA and Service Canada phone lines remained open for those requiring access.

Account updates and additional security measures

As a precaution, the CRA services were unavailable to Canadians and affected GCKey accounts were cancelled. During this time, additional security features were installed, addressing the vulnerabilities on the web service.

The CRA or affected federal department will contact impacted individuals to confirm their identities and provide instructions on how to receive a new GCKey or restore their account.

Both the federal privacy commissioner and the RCMP are investigating the cybercrime to determine how much information was acquired.

CRA security modifications

The government has modified its systems and added security features to fend off the persistent cyber-threats and detect future attacks. Users can now set up a unique personal identification number on their account to safeguard their details.

At home cybersecurity measures

Since the start of the pandemic, the emergency benefits have been a hot target for thieves to initiate scams, fraud and theft. Popular techniques include texting scams, identity theft, and forged CERB cheques.

Here are a few steps you can take to identify potential scams and protect your online data:

  • Change your password regularly (avoid using the same or similar passcodes to other accounts)
  • Enable email notifications where the feature is available (CRA My Account)
  • Never use public Wi-Fi networks to access personal accounts (bank, CRA etc.)
  • Never respond to fraudulent communications (email, text, phone)

If you are unsure of the legitimacy of the communication, the CRA has created a list of guidelines for the types of questions and details you can expect from the agency to verify their authenticity.

Hayley Vesh

Hayley Vesh is an editor/writer at and a contributing writer at RATESDOTCA. Her work has also appeared in Global News. In her spare time, Hayley can be found wandering in the woods, hunting for second-hand treasures, or curled up with a steeped tea and a good podcast.

Latest Credit Card Articles

Best of Finance Nominees: The best credit cards in Canada for 2022
The nominees for 2022’s Best of Finance Awards include the best credit cards available in Canada this year.
Learn More
5 mins read
Best No-Fee Credit Cards With Mobile Device Insurance in Canada for 2022
These no-fee credit cards offer mobile device insurance if your eligible cellphone or tablet is lost, stolen or damaged. Here’s what the coverage provides.
Learn More
10 mins read
Best Credit Card Welcome Offers for January 2022
Start the new year off with the right credit card and maximize your rewards with one of these welcome offers.
Learn More
14 mins read