Wealthprofessional.Ca
Over 42,000 Data Breaches Affect Canadian Taxpayers' Accounts
Ask AI about this cluster
Analyzing cluster data...
Referenced clusters:
Something went wrong. Please try again.
Cluster AI
Ask questions about this threat cluster with AI-powered analysis.
Get Researcher $29.99/moArticle Content
Since 2020, the Canada Revenue Agency (CRA) has reported over 42,000 data breaches affecting taxpayer accounts, as revealed by the Office of the Privacy Commissioner (OPC). The breaches, classified as Unauthorized Use of Taxpayer Information by a Third Party (UUTP), primarily involved attackers using stolen credentials from external sources. Hackers accessed accounts to file false tax returns, redirect payments, or impersonate taxpayers via call centers. The CRA's inability to track and report these breaches effectively raised significant governance concerns. The OPC's investigation highlighted the lack of mandatory multi-factor authentication until October 2021 and the agency's reliance on self-reported breaches. The CRA has accepted most of the OPC's nine recommendations for improvement. The report was presented to Parliament on May 7, 2026.
Key Points: • Over 42,000 taxpayer accounts breached since 2020, primarily via stolen credentials. • CRA failed to implement mandatory multi-factor authentication until October 2021. • OPC's report highlighted significant governance and tracking deficiencies within the CRA.