#CyberFLASH: CRA data breach should be the final straw

image-12If heads don’t roll after the latest security debacle at the Canada Revenue Agency, they should.

The tax agency revealed yesterday that a spreadsheet containing detailed information on a number of high-profile Canadians, including former PM Jean Chretien, author Margaret Atwood, ex drug czar Richard Pound and media mogul Moses Znaimer, had been sent to the CBC. The 18-page file included names, home addresses, and details of donations made to Canadian museums and galleries.

In a statement released late yesterday, CRA Commissioner Andrew Treusch attributed the accidental release of the personal information to human error, and said it “constitutes a serious breach of privacy.”

The CBC said it received the file electronically in response to an Access to Information Request. In a move that surprises no one, Treusch said the agency “has launched an internal investigation into the privacy breach and its security protocols.”

Read more here

#CyberFLASH: Heartbleed bug: RCMP asked Revenue Canada to delay news of SIN thefts

image-11

The Canada Revenue Agency knew last Friday that hundreds of Canadians had their social insurance numbers stolen from its website because of the Heartbleed security bug but waited until Monday to make it public.

“The Canada Revenue Agency contacted our office last Friday afternoon to notify us about the attack and of the measures it was taking to mitigate risks and notify affected individuals,” said Valerie Lawton, a spokeswoman for the Privacy Commissioner’s Office, in a written statement Monday afternoon.

The commissioner’s office later clarified that it was told by CRA that “several hundred Canadians” had their social insurance numbers stolen from the agency’s website due to the Heartbleed security bug.

The CRA publicly confirmed the attack Monday morning.

“Social insurance numbers (SIN) of approximately 900 taxpayers were removed from CRA systems by someone exploiting the Heartbleed vulnerability,” the CRA said in a statement.

But the RCMP said in a statement Tuesday it asked the CRA to delay notifying the public about the breach when the revenue agency referred the matter to the Mounties on Friday.

Read more here 

© 2013 CyberTRAX Canada - All Rights Reserved.
Sponsored by C3SA Corp.