Skip to content

CRA HACKED – How can I protect Myself?

Cra Hacked

Earlier in August of 2020, it was announced that the CRA was the victim of a massive cyberattack. At the time of this blog post, 5,500 breached accounts. This caused them to shut down the CRA portal to protect your protection.

Image
Screen shot of CRA logon services are temporarily disabled on August 18th, 2020

They used a common tactic; previously breached credentials. This is something we have seen in IT for years, but this is the first time such a significant attack against a government service.

Unfortunately, cybercrime is big business, literally a billion-dollar industry. Due to COVID-19 and the government helping us with CERB payments, it made the CRA a lucrative target.

You are probably wondering, how did these 5,500 accounts get breached? There are many proximate causes, but the ultimate cause, our bad habits; people are reusing passwords. When these passwords are breached, the hackers then use them to go “credential surfing”.

It’s a simple thing, hackers buy password lists from the dark web. Sometimes, it’s when a trusted website you use gets hacked like Linked In was in 2012; other times, it’s when people fall for phishing emails like this more recent Netflix attack.

They then use this list of username and passwords and ‘surf’ the internet trying to log into as many websites as they can, once they find one they will either resell it, or use it to to access the service. In the case of the CRA, the likely target of this hack was to apply for CERB payments in your name, while directing them to their bank accounts.

How can we protect ourselves?

It’s likely that in the future if your account was breached, you will receive a notice from the CRA letting you know. It is always recommended to check your credit report (something that is wise to do, at least annually) or talk to your bank about identity protection services.

If your account was breached, it’s possible they can use this information to perform identity theft and open new credit accounts in your name.