Canada Settles $8.7M Class-Action Over CRA Data Breach Affecting 47,000 Accounts

Canada Settles $8.7M Class-Action Over CRA Data Breach Affecting 47,000 Accounts

First seen 7 May 2026, 16:27 UTC Uk.News.YahooDailyhiveInsurancebusinessmagVietnam.VnRcmp.Ca+3 84% similarity 64.5

Article Content

Browse articles
ThreatCluster

The Canadian federal government has agreed to pay $8.7 million to settle a class-action lawsuit concerning a data breach that compromised the personal information of over 47,000 Canadians. The breach occurred between March and December 2020, primarily due to 'credential stuffing' attacks on government online accounts, including the Canada Revenue Agency (CRA) portal. Hackers exploited weak security measures to access sensitive data, including social insurance numbers and banking details, and used this information to fraudulently apply for COVID-19 relief benefits. The settlement, approved by Federal Court Justice Richard Southcott, allows affected individuals to claim compensation based on the extent of the fraud experienced. The CRA has faced criticism for its inadequate security measures that enabled these breaches. The settlement also includes provisions for reimbursement of out-of-pocket losses related to identity theft and fraud. The case highlights ongoing vulnerabilities in government digital services amidst rising cyber threats.

Key Points: • The Canadian government will pay $8.7 million to settle a class-action lawsuit over a data breach. • Over 47,000 Canadians had their personal information compromised through credential stuffing attacks. • The breach allowed hackers to fraudulently apply for COVID-19 benefits using victims' identities.

ThreatCluster AI

Timeline

2020-03-01
Credential stuffing attacks began
Hackers started exploiting weak security in CRA accounts, accessing sensitive data of Canadians.
Uk.News.Yahoo
2020-12-31
Data breach period ends
The breach affecting CRA accounts concluded, impacting thousands of Canadians' personal information.
Insurancebusinessmag
2025-12-01
Settlement agreement proposed
The government and plaintiffs reached a proposed settlement to resolve the class-action lawsuit.
Dailyhive
2026-05-05
Settlement approved by court
Federal Court Justice Richard Southcott approved the $8.7 million settlement for affected Canadians.
Dailyhive
2026-05-07
Settlement details announced
Details on compensation claims and eligibility for affected individuals were released following court approval.
Insurancebusinessmag

Community

Browse all →