CRA site shutdown follows discovery of so-called Heartbleed bug targeting personal online data protected by SSL/TLS encryption

With just over two weeks to go before the April 30 tax deadline, the Canada Revenue Agency has shut down parts of its Web site, citing security concerns.

More than 6.7 million taxpayers have already filed their tax returns online since March 24. That number represents almost 84 per cent of expected tax returns. Before the shutdown, it was estimated that nearly 2,000 returns were being filed every minute through the site.

More people were expected to flood the CRA site in the next two weeks, but today visitors to the site were met with a red box with an exclamation point and the words: “Heading” and “message.”

Clicking on the box brings visitors to another page with a message that reads:

“To protect the security of taxpayer information, we have temporarily shut down public access to our electronic services. We are working to restore these services as soon as possible in a manner that ensures they are safe and secure.”

The development closely follows the discovery earlier this week of a massive vulnerability in OpenSSL, the open-source software used to encrypt online communications. The bug, which has been called Heartbleed, allows attackers to steal information protected by SSL/TLS encryption, which is employed in email communications, instant messaging, Web apps and virtual private networks.

The CRA later told CBC News in an email that the site shutdown is related to the Heartbleed bug. A spokesperson for the CRA said the agency is now investigating the potential impact on taxpayers’ personal data.

UPDATE: At 3 p.m. Eastern on Wednesday the department issued a note saying it expects the site to be back up over the weekend. Taxpayers won’t be penalized for the disruption. The notice said the site was shut Tuesday “as a preventive measure” after learning about Heartbleed.


Early last month, the CRA’s Web site also issued a warning to users that Canadians are being targeted by bogus emails and phone calls from persons posing as agency personnel.

Earlier this week the CRA also reported that over the past year it fired 14 of its employees and suspended another 18 due to unauthorized access of the agency’s computer files.

It is not yet known if this has anything to do with the site’s shutdown.

Federal agencies and departments have been in the spotlight lately for failing to effectively protect private and personal information of Canadian citizens and residents.

During the period between April 1, 2013 and January 29, 2014, federal departments and agencies reported no fewer than 3,763 data breaches, including incidents where taxpayers’ information was lost, compromised or mistakenly released, according to a report by the Privacy Commissioner’s Office. That figure is slightly higher than the 3,000 data breaches reported by the government in the last 10 years, according to the report.

Most recent figures show that the CRA reported 2,983 data breach incidents during the reporting period. About 120 of the cases stemmed from theft or loss of data or information being compromised.
