The Canada Revenue Agency (CRA) was forced to lock out the accounts of more than 100,000 users of its online service after user information has reportedly been leaked on the dark web.
Several users have reported encountering an “error 021” on their accounts and received an alert saying their emails had been disconnected from their CRA accounts.
CRA clarified that it had not been a target of a cyberattack, but that some of its users may have been involved in separate data breaches.
“An internal analysis revealed evidence that some account credentials (i.e. user IDs and passwords) may have been compromised, and may be available for use by unauthorized individuals,” said CRA spokesperson Christopher Doody.
CRA said that compromised users might have used the same leaked log-in credentials in their leaked accounts.
“As a precautionary security measure and to prevent unauthorized access to these accounts, we took swift action to lock the accounts and are in the process of contacting the legitimate account holders to unlock their accounts,” explained Doody.
Jeremy Bellefeuille, press secretary at the Office of the Minister of National Revenue announced that those affected would receive letters on how to contact the agency and authenticate themselves.
The lockouts occurred just a few days before the Canadian 2021 tax season kicks off.