Canadians trying to log in to their Canada Revenue Agency accounts online this weekend were met with a notice that sign-in service was unavailable.
Services are down until further notice, according to messages posted on the CRA website on Friday, December 10 and Saturday, December 11.
The agency decided to proactively take their online services offline as a precaution while they work to secure systems against “potential threats.”
- You might also like:
- CRA locking 800,000 Canadian taxpayers out of accounts over hacking concerns
- Over 5,000 CRA accounts the target of a recent cyberattack
- "Just frustrated and worried": Canadians react to mass CRA lockouts
“The CRA has become aware of a security vulnerability affecting organizations around the world. As a precaution, we have proactively decided to take our systems offline while we work to secure our systems,” reads the notice.
“There is currently no indication that CRA systems have been compromised, or that there has been any unauthorized access to taxpayer information because of this vulnerability.”
It’s not clear when services will become available again and the agency has promised an update as soon as one becomes available.
CRA doesn’t go into detail about what the “security vulnerability” could be. Daily Hive has reached out to the CRA for more information and will update this story. You can read their E-service updates online to learn more.
On Friday, December 10, multiple tech news outlets reported about a newly discovered vulnerability called CVE-2021-44228.
Since it’s been found, many businesses and organizations have reportedly been scrambling to protect themselves from the potentially compromising vulnerability.
The CRA has become aware of a security vulnerability affecting organizations around the world. As a precaution, we have proactively decided to take our systems offline while we work to apply the appropriate security upgrades to our systems. (1/3)
— Canada Revenue Agency (@CanRevAgency) December 11, 2021
This is not the first time the CRA has halted access to user accounts due to cybersecurity concerns.
In 2020, close to 5,500 CRA accounts were targeted in a GCKey attack and another credential stuffing attack.