Canadians can once again connect online with the Canada Revenue Agency, a key element in the fight to stay economically solvent as the country copes with COVID-19.
The agency says all its services are up and running following a series of cyber attacks that compromised the personal information of thousands of Canadians.
About 5,600 accounts were affected.
Officials say they were able to re-launch the CRA’s business portal, “My Business Account,” on Monday.
All other services resumed at 5 p.m. on Wednesday.
“The CRA sincerely regrets the impact that these cyber security incidents have had on Canadians. CRA personnel, and our partners, have quite literally been working around the clock to combat the recent attacks, to make sure Canadians’ personal information is safe, and to restore access to services on which Canadians rely,” the revenue agency said in a statement.
The agency says it has modified all its security systems to protect against future cyberattacks and says all individuals affected by the breaches will receive a letter explaining how to confirm their identity in order to protect and restore access to their account.
The hackers obtained the information through “credential stuffing,” a type of attack where attackers obtain username and passwords that have been used on other websites.
The agency urged everyone using its online services to update their accounts with unique passwords they don’t use for any other purpose.
It also recommended all CRA “My Account” users enable email notifications, as an additional measure of security.
Users can also opt to use a new security feature that will allow them to set up a unique personal identification number to open an account.
The first of three attacks last week took aim at the GCKey service, which is used by about 30 federal departments and allows Canadians to access services like the My Service Canada account.
By using the previously stolen usernames and passwords, the hackers were able to fraudulently acquire about 9,000 of the some 12 million GCKey accounts.
The CRA’s system was also hit by the credential stuffing attacks to access the CRA portal, exploiting a vulnerability that allowed them to bypass the CRA security questions and get into thousands more accounts.
As well, the CRA portal was directly targeted with a large amount of traffic trying to attack the services through credential stuffing.
With files from The Canadian Press, CBC News (Raisa Patel, Philip Ling, Ryan Patrick Jones), RCI