‘Do not reuse the same password for different systems and applications’
The Canada Revenue Agency (CRA) stopped its online services after two cyberattacks over the weekend, according to the government.
Roughly 5,500 CRA accounts were targeted as part of the GCKey attack and another recent “credential stuffing” attack aimed at the CRA.
Used by about 30 federal departments, GCKey allows Canadians to access services such as Employment and Social Development Canada’s My Service Canada Account or their Immigration, Refugees and Citizenship Canada account. Of the roughly 12 million active GCKey accounts in Canada, the passwords and usernames of 9,041 users were acquired fraudulently and used to try and access government services, a third of which accessed such services and are being further examined for suspicious activity.
Access to all affected accounts has been disabled to maintain the safety and security of taxpayers’ information and the agency is contacting all affected individuals and will work with them to restore access to their CRA MyAccount, according to the government.
“The government is continuing its investigation, as is the RCMP to determine if there have been any privacy breaches and if information was obtained from these accounts. As well, the Office of the Privacy Commissioner has been contacted and alerted to possible breaches,” says the government.
The government also urged the public to help reduce the risk of cyberattacks by always using a unique password for all online accounts.
“Do not reuse the same password for different systems and applications and regularly monitor all online accounts for suspicious activity,” says the government.
More than one-third (36 per cent) of business executives believe that cybersecurity threats have increased amid the pandemic, according to a quick survey by CNBC in March.
But there are a number of ways to fight back and provide basic protections says one expert, in talking to Canadian HR Reporter.