#CyberFLASH: 19-Year-Old Londoner Accused in CRA-Heartbleed Hack to Appear in Ottawa Court

heartbleed-new-backgroundA court appearance is scheduled Friday morning in Ottawa for the London teen charged with hacking into the Canada Revenue Agency website last spring.

Stephen Solis-Reyes — a graduate of Mother Teresa high school in London — was originally charged with unauthorized use of a computer and mischief in relation to data. Solis-Reyes was in the midst of his second year as a computer science student at Western University when he was arrested and charged last April.

About 900 social insurance numbers were stolen from CRA computers in relation to the breach. The CRA temporarily shut down some access to its website on April 8th in response to security concerns about the Heartbleed bug. The website wasn’t available to tax filers for several days.

The Heartbleed bug was caused by a flaw in OpenSSL software, which is commonly used on the Internet to provide security and privacy. The bug affected many global IT systems in both private and public sector organizations and has the potential to expose private data.

Read more here

#CyberFLASH: CRA data breach should be the final straw

image-12If heads don’t roll after the latest security debacle at the Canada Revenue Agency, they should.

The tax agency revealed yesterday that a spreadsheet containing detailed information on a number of high-profile Canadians, including former PM Jean Chretien, author Margaret Atwood, ex drug czar Richard Pound and media mogul Moses Znaimer, had been sent to the CBC. The 18-page file included names, home addresses, and details of donations made to Canadian museums and galleries.

In a statement released late yesterday, CRA Commissioner Andrew Treusch attributed the accidental release of the personal information to human error, and said it “constitutes a serious breach of privacy.”

The CBC said it received the file electronically in response to an Access to Information Request. In a move that surprises no one, Treusch said the agency “has launched an internal investigation into the privacy breach and its security protocols.”

Read more here

#CyberFLASH: Heartbleed bug: RCMP asked Revenue Canada to delay news of SIN thefts

image-11

The Canada Revenue Agency knew last Friday that hundreds of Canadians had their social insurance numbers stolen from its website because of the Heartbleed security bug but waited until Monday to make it public.

“The Canada Revenue Agency contacted our office last Friday afternoon to notify us about the attack and of the measures it was taking to mitigate risks and notify affected individuals,” said Valerie Lawton, a spokeswoman for the Privacy Commissioner’s Office, in a written statement Monday afternoon.

The commissioner’s office later clarified that it was told by CRA that “several hundred Canadians” had their social insurance numbers stolen from the agency’s website due to the Heartbleed security bug.

The CRA publicly confirmed the attack Monday morning.

“Social insurance numbers (SIN) of approximately 900 taxpayers were removed from CRA systems by someone exploiting the Heartbleed vulnerability,” the CRA said in a statement.

But the RCMP said in a statement Tuesday it asked the CRA to delay notifying the public about the breach when the revenue agency referred the matter to the Mounties on Friday.

Read more here 

#CyberFLASH: Heartbleed security bug: Canadian tax services back online

hi-computer-user-cp02297501

The Canada Revenue Agency says full service has been restored on all of its online systems as of Sunday.

A release from the CRA said that “individuals, businesses and representatives are now able to file returns, make payments, and access all other e-services available through the CRA’s website, including all our secure portals.”

“Our systems are back online. We apologize for the delay and the inconvenience it has caused to Canadians. That said, the delay was necessary. We could not allow these systems back online until we were fully confident they were safe and secure for Canadian taxpayers,” said CRA Commissioner Andrew Treusch.

Read more here

© 2013 CyberTRAX Canada - All Rights Reserved.
Sponsored by C3SA Corp.