900 SIN numbers stolen from CRA site during HeartBleed attack

[walkonby]

Just heard this latest report about the CRA site.

http://www.ctvnews.ca/canada/cra-say...loit-1.1774708

[trishka]

I would not want to be the privacy officer for the CRA right now. For the number of people whose information is on their servers, 900 seems like a relatively small number. Still not good, but it could have been worse. I just hope I'm not one of them.

[walkonby]

they are saying you will get a registered letter if you are one of the people affected. Never a phone call, never an email, these would be scam artists phishing for info.

[xlxo]

Kudo's to those who file there taxes late?

• I have to admit, until the CRA brought the HeartBleed situation to Canadian's attention... no one really cared. NSA loved it.
• How secure were other sites we all visit? eg Facebook, twitter, etc...
• How secure do you feel about this site??? When I put in my id/password to login to SmartCanuck... I did not see HTTPS in the URL.
  https://lastpass.com/heartbleed/?h=f...martcanucks.ca

[trishka]

they are saying you will get a registered letter if you are one of the people affected. Never a phone call, never an email, these would be scam artists phishing for info.

Yeah, I heard that. A mod on a Toronto Star article said that the CRA gave no indication of when they were notifying those affected.

[trishka]

Kudo's to those who file there taxes late?

Doesn't matter when they filed. If they've filed electronically previously, they're potentially at risk.

[walkonby]

For those who have an accountant do their taxes aren't their SIN numbers just as vulnerable? ( I am sure most file on line for their clients )

[trishka]

For those who have an accountant do their taxes aren't their SIN numbers just as vulnerable? ( I am sure most file on line for their clients )

Absolutely. Most file online because it takes way less time for their clients to get refunds if they are entitled to them.

[trishka]

For those who have an accountant do their taxes aren't their SIN numbers just as vulnerable? ( I am sure most file on line for their clients )

I had a thought that depending on what database was compromised, those who don't file electronically probably still have their SINs stored in an electronic database at the CRA, so they're still at risk.

[walkonby]

good point! I wonder when they will give real answers about this to the public. No one from the CRA would speak about it yesterday on camera

[trishka]

Mounties say they asked CRA to delay announcing loss of personal data

http://www.cp24.com/news/mounties-sa...data-1.1777336

The RCMP were notified of the security breach on Friday, but asked the agency to hold off making an immediate announcement about the data loss so they could pursue investigative leads.

...

At least one Internet security expert has suggested that the data losses may go well beyond just 900 social insurance numbers.

[walkonby]

some charges laid by the RCMP today

http://business.financialpost.com/20..._lsa=77cc-457f

[Natalka]

Glad they caught him - so smart enough to do the hacking, but not enough common sense to hide his tracks - his IP address, duh!

The CRA has also extended the 2013 tax filing deadline until May 5.