A proposed class action has been filed against the Canada Revenue Agency (CRA), accusing both the agency and the federal government of negligence and breach of privacy over the recent data breach incidents that rocked the revenue service.
The lawsuit was filed August 24, 2020 in Federal Court in Vancouver, CBC News reported. If given approval, the lawsuit will seek financial compensation for all victims to cover damage to credit ratings, costs for credit monitoring, and for mental distress.
It is alleged in the lawsuit that several “failings” by the government and the CRA allowed at least three cyberattacks to take place – they occurred from mid-March to mid-August. But news of the attack was not publicly disclosed until CBC News broke the story in August.
The lawsuit further alleges that due to the delay in detecting the breaches, the number of victims whose data was compromised grew to at least 14,500.
“The actions of the [CRA] are reprehensible,” the claim stated. “and showed a callous disregard for the rights of [victims].”
In addition, the lawsuit purported that the CRA’s conduct was “a deliberate ... departure from ordinary standards of decent behaviour, and as such merits punishment.”
CRA announced that it was “a vulnerability in security software” that led to the online breaches, and that it was not aware of the first cyberattack until August 07.
CBC News reported that both the CRA and the federal government have yet to file a response to the lawsuit.