The Canada Revenue Agency (CRA) has been hacked.
The federal agency was forced to temporarily suspended its online services after two cyberattacks in which hackers stole thousands of usernames and passwords and used them to fraudulently obtain government services and compromise Canadians' personal information.
A total of 5,500 CRA accounts were targeted in what the federal government described as two "credential stuffing" schemes, in which hackers use passwords and usernames from other websites to access Canadians' accounts with the revenue agency.
The decision to suspend CRA's online services comes at a time when many Canadians and businesses have been using the revenue agency's website to apply for and access financial support related to the COVID-19 pandemic.
The government is hoping to reinstate online access for businesses on Monday, according to the CRA. That is when companies struggling due to the pandemic can start to apply for the latest round of federal wage subsidies.
It wasn't immediately clear what impact the suspension of services will have in terms of other federal benefits, including the Canada Child Benefit and Canada Emergency Response Benefit for those affected by COVID-19.
The Canadian Anti-Fraud Centre says more than 13,000 Canadians have been victims of fraud totaling $51 million this year. There have been 1,729 victims of COVID-19 fraud worth $5.55 million year-to-date.