Canadians' tax data stolen in Heartbleed breach

Apr 14, 2014
File picture shows an AFP journalist looking at computer screens in Vancouver on February 25, 2010 during the Winter Olympics

Personal data for as many as 900 Canadian taxpayers was stolen after being made vulnerable by the "Heartbleed" bug, officials in Ottawa said on Monday.

Andrew Treusch, Commissioner of Canada Revenue Agency (CRA), said government security agencies notified his office "of a malicious breach of taxpayer data that occurred over a six-hour period" last week.

Treusch said approximately 900 social insurance numbers—nine-digit codes required for working or accessing government benefits in Canada—"were removed from CRA systems by someone exploiting the Heartbleed ."

Government officials, he added, are combing through CRA systems and "analyzing other fragments of data, some that may relate to businesses, that were also removed."

Federal police are also investigating, Treusch said.

The CRA last week shuttered its website over concerns about the Heartbleed bug. It was rebooted over the weekend after a patch was installed.

The recently-discovered flaw in online-data scrambling software OpenSSL allows hackers to eavesdrop on online communications, steal data, impersonate websites and unlock encrypted data.

OpenSSL is commonly used to protect passwords, and other data sent via the Internet.

More than half of websites use the software, but not all versions have the same vulnerability, according to heartbleed.com.

Cybersecurity firm Fox-It estimates that the vulnerability has existed for about two years, since the version of OpenSSL at issue was released.

Computer security specialists, website masters and others became aware last week of problems posed by the "Heartbleed" after several reports of hacking.

Explore further: Canada shutters tax filing website over 'Heartbleed' bug

add to favorites email to friend print save as pdf

Related Stories

'Heartbleed' bug a critical Internet illness

Apr 11, 2014

The "Heartbleed" flaw in Internet security is as critical as the name implies and wider spread than first believed. Warnings about the danger exposed early this week reached widening circles on Thursday, with everyone from website o ...

What you need to know about the Heartbleed bug

Apr 09, 2014

Millions of passwords, credit card numbers and other personal information may be at risk as a result of a major breakdown in Internet security revealed earlier this week.

Three things to do to protect from Heartbleed

Apr 11, 2014

The "Heartbleed" bug has caused anxiety for people and businesses. Now, it appears that the computer bug is affecting not just websites, but also networking equipment including routers, switches and firewalls.

Recommended for you

Sony hacking fallout puts all companies on alert

12 hours ago

Companies across the globe are on high alert to tighten up network security to avoid being the next company brought to its knees by hackers like those that executed the dramatic cyberattack against Sony Pictures ...

Timeline of the Sony Pictures Entertainment hack

15 hours ago

It's been four weeks since hackers calling themselves Guardians of Peace began their cyberterrorism campaign against Sony Pictures Entertainment. In that time thousands of executive emails and other documents ...

Files of more than 40,000 federal workers breached (Update)

15 hours ago

The computer files of more than 40,000 federal workers may have been compromised by a cyberattack at federal contractor KeyPoint Government Solutions, the second breach this year at a major firm handling national security ...

User comments : 0

Please sign in to add a comment. Registration is free, and takes less than a minute. Read more

Click here to reset your password.
Sign in to get notified via email when new comments are made.