The Canada Revenue Agency (CRA) is locking out 800,000 users from their online accounts on Saturday over concerns that usernames and passwords have been hacked.
In a statement to Daily Hive, the CRA said the move is precautionary, as unauthorized third parties may have obtained the accounts.
“We wish to reiterate that these user IDs and passwords were not compromised as a result of a breach of CRA’s online systems, rather they may have been obtained by unauthorized third parties and through a variety of means by sources external to the CRA, such as email phishing schemes or third-party data breaches,” the statement says.
Therefore, the agency locked the accounts of impacted individuals who have email addresses on file. They were then notified that their email was removed from their account on February 16.
- See also:
“Like the accounts that were locked in February, these user IDs and passwords were not compromised as a result of a breach of CRA’s online systems, rather they may have been obtained by unauthorized third parties and through a variety of means by sources external to the CRA,” the statement added.
“The total number of accounts impacted is roughly 800 thousand.”
The CRA emphasized that the situation is different than what occurred in February and wanted to warn people that access to accounts may be down.
Impacted individuals will be able to re-gain access to their CRA account by going to the login page to create a new CRA user ID and password or by using a different login method.
The agency said that an individual can have more than one login method associated with their CRA account. If one user ID and password is revoked, it does not necessarily mean other login methods can’t be used.
“If individuals are unsuccessful in their attempt to use online options to re-gain access to their CRA account, we ask that they attempt to access their online account again after March 22, 2021. If they are still unable to access their account, they should call the CRA after this date,” they said.
It is important to note that impacted individuals can continue to file their income tax returns online using NETFILE-certified software and can apply for emergency benefits once a different login method is used, or a new CRA user and password is established.
The CRA noted that these preventative measures are not isolated incidents and may become more frequent to “safeguard taxpayers’ information.”
If an individual attempts to log into their CRA account with a user ID and password that has been revoked, an error message will appear to inform them that their CRA user ID has been revoked. The error message will link them to information on how to re-gain access to their account.