Suspicious Activity Detected On 48,000 CRA Accounts After Cyberattacks

Suspicious activity has been detected on more than 48,000 Canada Revenue Agency (CRA) accounts following cyberattacks in July and August.

Government officials said the previously announced cyberattacks targeted CRA accounts and GCKey, an online portal through which Canadians access employment insurance and immigration services.

Attackers used a method called "credential stuffing," which takes advantage of people who reuse usernames and passwords across multiple platforms that may have been previously hacked. CRA says GCKey was not compromised in the cyberattacks, but it has revoked 9,300 credentials for its system and is contacting those users in hopes of blocking subsequent attacks.

Canadians who receive a revocation message can register for new credentials or make use of the SecureKey Concierge, which lets users sign in to 269 government services through partners such as major banks.

CRA said the RCMP's investigation into the attacks is still ongoing and affected departments have been in contact with the Office of the Privacy Commissioner to provide updates on what personal information has been compromised.