Canada's taxpayers may be the first victims of the Heartbleed bug that put the web on high alert last week. According to the Canada Revenue Agency, 900 social insurance numbers (SINs) were stolen by hackers exploiting the security vulnerability. Even on a small scale, the breach is tantamount to identity theft, and is a situation the CRA had worked hard to avoid.
In an official statement issued this morning, the CRA said that it removed public access to its online services when news broke about Heartbleed last week, and worked "around the clock" to patch the bug. However, the taxpayer info was still stolen in a brief six-hour period. "We are currently going through the painstaking process of analyzing other fragments of data," said the agency, "some that may relate to businesses, that were also removed."
The CRA does state that no other breaches before or after the one in question have taken place. The agency is now in the process of contacting affected individuals via registered mail, has set up a dedicated 1-800 number for people in need of information, and will provide credit protection services at no cost. It will not, however, be contacting people by phone or email, channels it believes can be undermined by fraudsters.