900 SINs stolen from CRA online systems during Heartbleed breach

The federal tax agency says the social insurance numbers of roughly 900 people were stolen from its systems, which were left vulnerable by the so-called Heartbleed bug.

The Canada Revenue Agency blocked public access to its online services for several days last week until it put in place measures to address the security risk, but says there was nonetheless a data breach over a six-hour period.

It says it is analyzing other fragments of data that have been removed from its systems, while putting measures in place to protect those affected by the breach.

The agency says everyone affected will receive a registered letter and free access to credit protection services.

The Heartbleed bug is caused by a flaw in OpenSSL software, which is commonly used on the Internet to provide security and privacy.

The bug is affecting many global IT systems in both private and public sector organizations and has the potential to expose private data.

Leave a comment:

showing all comments · Subscribe to comments
  1. GT posted on 04/14/2014 03:18 PM
    What are the odds that the guy who was sued by facebook for $873M would be involved in the 900 SIN # going awol?
showing all comments

Share this article: