#CyberFLASH: CRA data breach should be the final straw

If heads don’t roll after the latest security debacle at the Canada Revenue Agency, they should.

The tax agency revealed yesterday that a spreadsheet containing detailed information on a number of high-profile Canadians, including former PM Jean Chretien, author Margaret Atwood, ex drug czar Richard Pound and media mogul Moses Znaimer, had been sent to the CBC. The 18-page file included names, home addresses, and details of donations made to Canadian museums and galleries.

In a statement released late yesterday, CRA Commissioner Andrew Treusch attributed the accidental release of the personal information to human error, and said it “constitutes a serious breach of privacy.”

The CBC said it received the file electronically in response to an Access to Information Request. In a move that surprises no one, Treusch said the agency “has launched an internal investigation into the privacy breach and its security protocols.”


#CyberFLASH: Heartbleed internet bug may not affect wi-fi


The Heartbleed Internet bug is still haunting websites worldwide, but it looks like public Wi-Fi is pretty safe.

That doesn’t mean you should start banking on an open network — that’s still dangerous.

However, you can connect your laptop or smartphone at most coffee shops, hotels and airports without worrying about hackers exploiting the Heartbleed bug on a Wi-Fi router to spy on you.

Most of the Wi-Fi devices used in public spaces are made by Cisco or Ruckus Wireless, and both companies say that hardware wasn’t susceptible to the bug in security software.


#CyberFLASH: RCMP charge 19-year-old man in Heartbleed privacy breach


A 19-year-old man from London, Ont., has been charged in connection with using the Heartbleed bug to exploit taxpayer data from the Canada Revenue Agency website.

The RCMP announced Wednesday that Stephen Arthuro Solis-Reyes was arrested at his home Tuesday without incident. He has since been released and is staying with his parents in London’s north end.

Solis-Reyes faces charges related to one count of unauthorized use of a computer and one count of mischief in relation to data.

He’s the son of a computer science professor at Western University, CTV News has confirmed.

The CRA shut down public access to its online services on April 8 after learning its systems were vulnerable to the Heartbleed bug. Then on Monday, the agency announced that the Social Insurance Numbers of about 900 taxpayers were taken from the CRA systems over a six-hour period by someone who had exploited the Heartbleed bug.


#CyberFLASH: Heartbleed bug: RCMP asked Revenue Canada to delay news of SIN thefts


The Canada Revenue Agency knew last Friday that hundreds of Canadians had their social insurance numbers stolen from its website because of the Heartbleed security bug but waited until Monday to make it public.

“The Canada Revenue Agency contacted our office last Friday afternoon to notify us about the attack and of the measures it was taking to mitigate risks and notify affected individuals,” said Valerie Lawton, a spokeswoman for the Privacy Commissioner’s Office, in a written statement Monday afternoon.

The commissioner’s office later clarified that it was told by CRA that “several hundred Canadians” had their social insurance numbers stolen from the agency’s website due to the Heartbleed security bug.

The CRA publicly confirmed the attack Monday morning.

“Social insurance numbers (SIN) of approximately 900 taxpayers were removed from CRA systems by someone exploiting the Heartbleed vulnerability,” the CRA said in a statement.

But the RCMP said in a statement Tuesday it asked the CRA to delay notifying the public about the breach when the revenue agency referred the matter to the Mounties on Friday.


#CyberFLASH: Heartbleed security bug: Canadian tax services back online


The Canada Revenue Agency says full service has been restored on all of its online systems as of Sunday.

A release from the CRA said that “individuals, businesses and representatives are now able to file returns, make payments, and access all other e-services available through the CRA’s website, including all our secure portals.”

“Our systems are back online. We apologize for the delay and the inconvenience it has caused to Canadians. That said, the delay was necessary. We could not allow these systems back online until we were fully confident they were safe and secure for Canadian taxpayers,” said CRA Commissioner Andrew Treusch.


#CyberFLASH: Heartbleed bug shows governments slow to react


The revelation Monday that the social insurance numbers of 900 Canadians were stolen from the website of the Canada Revenue Agency last week has raised yet more questions about the government’s response to the Heartbleed computer bug.

Researchers in Canada’s online security community say that the Heartbleed breach is evidence that government is often not as well equipped as private companies to detect and react quickly to online security threats.

The government “was really slow on this,” says Christopher Parsons, a post-doctoral fellow at the Citizen Lab at the Munk School of Global Affairs at the University of Toronto.

“If you look at Yahoo, it had begun updating its security practices prior to the CRA fully taking action. The same thing with other larger companies. As soon as they saw what was going on, they immediately reacted and issued public statements.”




#CyberFLASH: Heartbleed bug highlights banks’ severe cyber security headaches


Shortly after news of the Heartbleed bug hit the media this week, the Canadian Bankers Association put out a statement declaring that their members were secure and that Canadians could rest easy. Their financial information was safe.

But while there is no question that banks in this country are sophisticated players that spend big money to ensure that their online systems are protected, they are far from impregnable.

Losses due to cybercrime have been on the rise for years in Canada, topping $3-billion in 2013, up from $1.4-billion the previous year, according to a report by Symantec Corp., the anti-virus software company. Financial institutions such as banks don’t generally disclose the cost of online crime on their operations but observers say it is substantial.


#CyberFLASH: Federal government conducting system-wide checks for Heartbleed bug


Federal government departments are scouring their IT systems in the wake of revelations that the Canada Revenue Agency’s website may have been vulnerable to a computer bug that has threatened the security of websites around the world.

Jacques Gourde, parliamentary secretary to Prime Minister Stephen Harper, said officials are trying to verify whether the CRA’s system has been breached and whether other government departments are affected.

“I think that all information systems, not only in Canada but around the world, are doing that kind of verification.”

Gourde’s comments came after the Canada Revenue Agency announced early Wednesday that it had shut down a number of web-based services, including electronic tax return filing, following the realization that its information technology systems were vulnerable to the newly discovered Heartbleed bug.


© 2013 CyberTRAX Canada - All Rights Reserved.
Sponsored by C3SA Corp.