Canadian government suspends online services after cyberattack

By Mia Hunt on 19/08/2020 | Updated on 04/02/2022

Thousands of user accounts for online government services have been hacked, the Canadian government confirmed at the weekend.

The cyberattacks, first reported by CBC News, targeted GCKey and Canada Revenue Agency (CRA) accounts. The GCKey authentication service, used by 30 federal departments, allows citizens to access services such as employment insurance, veterans’ benefits and immigration applications.

Hackers initially gained access to 3,400 CRA accounts at the beginning of August. Last week, a second CRA account hack occurred, followed by a third at the weekend – prompting the CRA to temporarily suspend its online services on Saturday. The decision was made at a time when millions of citizens and businesses require access to the CRA website to apply for financial support as a result of the COVID-19 pandemic.

The agency reinstated online access for businesses on Monday and officials expected services to resume in full on Wednesday, though not all services were up and running at the time of publication.

According to CBC News, people began reporting online that email addresses associated with their CRA accounts had been changed; that their direct deposit information was altered; and that Canada Emergency Response Benefit (CERB) payments had been issued in their name, even though they had not applied.

“The CRA quickly identified the impacted accounts and disabled access to these accounts to ensure the safety and security of the taxpayer’s information,” CRA spokesperson Christopher Doody wrote in an email, as reported by CBC News.

Government officials said they first became aware of security issues on 7 August and contacted the Royal Canadian Mounted Police (RCMP) on 11 August. The government informed Canadians about the cyberattack at the weekend, after the second and third hacks took place.

COVID-19 driving uptick in fraudulent activity

In an email sent to CBC News last week, the agency said there is typically an uptick in fraudulent activity at the beginning of each CERB pay period, the most recent of which began on 2 August. The Canadian Anti-Fraud Centre confirmed it had so far received more than 700 reports of identity fraud connected to the federal emergency response benefit.

The government confirmed that 5,500 CRA accounts had been compromised, almost half of them via GCKey.

“Of the roughly 12 million active GCKey accounts in Canada, the passwords and usernames of 9,041 users were acquired fraudulently and used to try and access government services, a third of which accessed such services and are being further examined for suspicious activity,” a statement from the Office of the Chief Information Officer of the Government of Canada, issued on Saturday, read.

The government later confirmed that a total of 11,200 government service accounts were hacked. It said it is working to assess the scale of personal information stolen.

‘Credential stuffing’

Acting chief information officer for the Treasury Board of Canada secretariat Marc Brouillard described the attack as a form of “credential stuffing”, where hackers fraudulently obtain usernames and passwords collected in previous hacks of other websites and take advantage of the fact that many people use the same password for different accounts.

“The [Government of Canada] has worked around the clock to reduce the threat to Canadians affected… The credential stuffing attack on the GC has ceased,” he said at a press conference on Monday.  

An investigation into the cyberattacks has been launched by the RCMP’s National Division, which investigates “sensitive, high profile cases that threaten Canada’s political, economic and social integrity”, and the Canadian Centre of Cyber Security. The Office of the Privacy Commissioner of Canada is also understood to be monitoring the situation.

Officials did not comment on who may have been behind the attacks.

About Mia Hunt

Mia is a journalist and editor with a background in covering commercial property, having been market reports and supplements editor at trade title Property Week and deputy editor of Shopping Centre magazine, now known as Retail Destination. She has also undertaken freelance work for several publications including the preview magazine of international trade show, MAPIC, and TES Global (formerly the Times Educational Supplement) and has produced a white paper on energy efficiency in business for E.ON. Between 2014 and 2016, she was a member of the Revo Customer Experience Committee and an ACE Awards judge. Mia graduated from Kingston University with a first-class degree in journalism and was part of the team that produced The River newspaper, which won Publication of the Year at the Guardian Student Media Awards in 2010.
