The Canada Revenue Agency phone lines have been blowing up since yesterday.

This, after the CRA locked countless taxpayers’ accounts and removed their email addresses from its online platform across Canada.

 

In response, the agency sent us this statement via email:

“The Canada Revenue Agency (CRA) would like to take the opportunity to clarify an alert that was sent on February 16 regarding the email addresses associated with some CRA accounts. Taxpayers may have received a notification from the CRA indicating that their email address has been removed from their account.

To be clear, these accounts were not impacted by a cyber attack at the CRA. These accounts have not been compromised and the action taken to lock the accounts was a preventative measure. In today’s increasingly digital world, organizations must constantly take steps to safeguard sensitive information against constantly evolving threats. The protection of taxpayer information is of the utmost importance for the CRA. This is why we have stringent and ongoing measures in place to analyze and identify and mitigate against potential threats.

In this particular case, an internal analysis revealed evidence that some account credentials (i.e. user IDs and passwords) may have been compromised, and may be available for use by unauthorized individuals. These credentials were not compromised as a result of a breach of CRA’s systems. Rather, they have been obtained through a variety of means by sources external to the CRA. As a precautionary security measure and to prevent unauthorized access to these accounts, we took swift action to lock the accounts and are in the process of contacting the legitimate account holders to unlock their accounts.

We will work with impacted individuals to re-establish their credentials and unlock their accounts. There is no urgent need for taxpayers to contact us imminently unless they are an emergency benefit applicant and have active applications in our system. We will prioritize these calls to minimize delays in the delivery of these crucially important emergency benefits.

Canadians’ vigilance in protecting account information is also an essential layer of security. The CRA reminds all Canadians that it’s important to monitor their CRA accounts for any suspicious activity including unsolicited changes to banking, mailing address or benefit applications made on your behalf. Canadians are also encouraged to change their passwords regularly.

Since the occurrence of cyber incidents in summer 2020, the CRA has introduced a number of additional safeguards and proactive measures to increase the security of our online accounts, including the introduction of multi-factor authentication.

We thank Canadians for their patience as we work to reactivate accounts and remain vigilant regarding our online security to ensure the protection of taxpayer information. We regret this inconvenience.”