"Suspicious activity" detected on over 48,000 CRA accounts following data breach

"Suspicious activity" detected on over 48,000 CRA accounts following data breach | Insurance Business Canada

"Suspicious activity" detected on over 48,000 CRA accounts following data breach

The Treasury Board of Canada has detected suspicious activity on over 48,000 Canada Revenue Agency (CRA) accounts after a series of cyberattacks compromised the agency’s systems in recent months.

According to the treasury, the cyberattacks in July and August targeted both the CRA and GCKey, an online portal which allows users to access government services such as employment insurance and immigration services.

Read more: CRA cyberattacks: A prime example of credential stuffing

It is believed that the malicious actors used a method called credential stuffing in order to gain access to CRA accounts. Credential stuffing involves using usernames and passwords across multiple platforms to abuse accounts that use the same credentials as other accounts that have been previously hacked.

While CRA accounts showed evidence of suspicious activity, the Treasury Board has confirmed that GCKey was not compromised by the malicious actors. However, GCKey has revoked 9,300 credentials for its system as a precaution and is contacting affected users to inform them of how to block later cyberattack attempts.

CBC News reported that those who receive a revocation message can either register for new credentials, or use the SecureKey Concierge for safer, future access.

The Treasury Board has announced that the RCMP’s investigation into the cyberattacks is still ongoing, and that the affected departments have been in contact with the Office of the Privacy Commissioner.