Privacy Commissioner Philippe Dufresne said financial information of 48,000 Canadians was hacked by identity thieves attempting to defraud pandemic relief programs, according to Blacklock’s Reporter. “The breach compromised the sensitive financial, banking and employment information of tens of thousands of Canadians, leading to numerous cases of fraud and identity theft,” said Dufresne in a statement. “The investigation found attackers used, among other things, the Canada Revenue Agency’s (CRA) sign-in portal.”At one point, the CRA locked 800,000 online accounts it suspected were breached. The CRA and Employment and Social Development Canada (ESDC) assured Parliament taxpayers targetted by identity thieves received free credit protection. “Impacted individuals with email addresses on file were notified,” said cabinet. Parliament passed the Canada Emergency Response Benefit Act in 2020 to pay $2,000 to jobless taxpayers. MPs were informed cases of identity theft were obvious within days. “It was really for the most part our large financial institutions that were reporting on a number of Canada Emergency Response Benefits (CERB) that were coming in with certain clients and they would see clients receiving benefits under different names and so forth,” said Financial Transactions and Reports Analysis Centre Deputy Director Barry MacKillop. “Probably the most typical one you would see is one person who has a bank account and is receiving multiple CERB payments under different names going into his or her bank account, then that money would be quickly dispersed either through money transfers to someone else, to themselves in another institution, or the money would be taken out almost immediately through cash withdrawals at ATMs for example.” When it came to breaches, Dufresne said they included more than 2,000 cases of identity theft at the ESDC and the leak of sensitive personal information on 8,000 employees of 36 unidentified companies with digital CRA accounts. “Attackers used approximately 26,000 Canada Revenue Agency My Accounts, one Agency ‘represent a client’ account, 6,000 Department of Employment My Service Canada Accounts and 112 Department of Employment business accounts to access the contact information and sensitive financial, banking, and employment information of 14,000 individuals held by the Department of Employment and 34,000 individuals held by the Canada Revenue Agency,” he said. This incident comes after Auditor General Karen Hogan said in 2022 the CRA could have done some screening before paying out claims under the Canada Emergency Wage Subsidy (CEWS). READ MORE: CRA should have been more careful with pandemic relief program, auditor general saysThe CEWS cost taxpayers $100.6 billion, including payments to companies in tax default.Hogan said the CEWS was an example of CRA failure to complete cursory background checks using information it had.
Privacy Commissioner Philippe Dufresne said financial information of 48,000 Canadians was hacked by identity thieves attempting to defraud pandemic relief programs, according to Blacklock’s Reporter. “The breach compromised the sensitive financial, banking and employment information of tens of thousands of Canadians, leading to numerous cases of fraud and identity theft,” said Dufresne in a statement. “The investigation found attackers used, among other things, the Canada Revenue Agency’s (CRA) sign-in portal.”At one point, the CRA locked 800,000 online accounts it suspected were breached. The CRA and Employment and Social Development Canada (ESDC) assured Parliament taxpayers targetted by identity thieves received free credit protection. “Impacted individuals with email addresses on file were notified,” said cabinet. Parliament passed the Canada Emergency Response Benefit Act in 2020 to pay $2,000 to jobless taxpayers. MPs were informed cases of identity theft were obvious within days. “It was really for the most part our large financial institutions that were reporting on a number of Canada Emergency Response Benefits (CERB) that were coming in with certain clients and they would see clients receiving benefits under different names and so forth,” said Financial Transactions and Reports Analysis Centre Deputy Director Barry MacKillop. “Probably the most typical one you would see is one person who has a bank account and is receiving multiple CERB payments under different names going into his or her bank account, then that money would be quickly dispersed either through money transfers to someone else, to themselves in another institution, or the money would be taken out almost immediately through cash withdrawals at ATMs for example.” When it came to breaches, Dufresne said they included more than 2,000 cases of identity theft at the ESDC and the leak of sensitive personal information on 8,000 employees of 36 unidentified companies with digital CRA accounts. “Attackers used approximately 26,000 Canada Revenue Agency My Accounts, one Agency ‘represent a client’ account, 6,000 Department of Employment My Service Canada Accounts and 112 Department of Employment business accounts to access the contact information and sensitive financial, banking, and employment information of 14,000 individuals held by the Department of Employment and 34,000 individuals held by the Canada Revenue Agency,” he said. This incident comes after Auditor General Karen Hogan said in 2022 the CRA could have done some screening before paying out claims under the Canada Emergency Wage Subsidy (CEWS). READ MORE: CRA should have been more careful with pandemic relief program, auditor general saysThe CEWS cost taxpayers $100.6 billion, including payments to companies in tax default.Hogan said the CEWS was an example of CRA failure to complete cursory background checks using information it had.