Business

Cdns wary of tax security before Heartbleed

The Heartbleed bug affected and infected several high-profile, often-used websites, resulting in a security breach and a warning for all e-commerce users, or those whose personal information was vulnerable. - Heartbleed.com screenshot
The Heartbleed bug affected and infected several high-profile, often-used websites, resulting in a security breach and a warning for all e-commerce users, or those whose personal information was vulnerable.
— image credit: Heartbleed.com screenshot

By Dean Beeby, The Canadian Press

OTTAWA - The Internet bug known as Heartbleed that surfaced in early April hit the Canada Revenue Agency just as it was trying to expand its online services for individual taxpayers.

Focus groups consulted in the weeks before word of the bug triggered a five-day shutdown of income-tax servers suggest Canadians were already wary of online security at the agency.

The bug forced the agency to suspend its online tax-filing system on April 8, the height of tax season, and led to the theft of about 900 social insurance numbers from Canadians who had used the service.

The major security breach happened shortly after a focus-group project asked Canadians whether they would use new online services allowing them to submit receipts and other documents electronically, and to transfer money directly to the government online.

"The only concern mentioned with some frequency ... was security of personal information," says a March report, commissioned from Phoenix Strategic Perspectives Inc. for $53,000.

"Participants queried the secureness of the service and wondered about the potential for security breaches and loss of privacy."

The agency is examining whether individual Canadians would use a payment system that allows money to be sent directly to the government without a financial institution as an intermediary, as is done by some businesses already.

Many participants told Phoenix they did not trust the Canada Revenue Agency, and worried the government could access private financial information or even withdraw money without approval.

There was more support for the online document-transfer service, but concerns about security remained.

A spokesman for the agency says the theft of the 900 social insurance numbers has apparently not led to any further crime.

"To date, the CRA has no evidence of fraud or theft in relation to any taxpayer affected by the compromise of CRA systems," Philippe Brideau said in an email.

"The agency has also applied additional protections to the CRA accounts of all affected individuals to prevent any unauthorized activity."

Brideau said almost a million tax returns were filed in the first 24 hours after the online service was restored April 13, when a Heartbleed patch was finally installed.

The total number of returns filed online as of last week is over 21 million, or 80 per cent of all returns received, compared with 76 per cent last year. The agency hit the 80 per cent threshold earlier than its 2016-17 target.

"Clearly, taxpayers have confidence in the security of CRA's online services," he said.

Brideau added that the Heartbleed episode has not delayed or changed the agency's plans to expand online services for individuals.

The RCMP have charged Stephen Arturo Solis-Reyes, 19, of London, Ont., in connection with the Heartbleed breach at the agency.

The agency came under criticism for taking more than a day to suspend its online service after learning of security warnings about the bug.

The Canada Revenue Agency has been pressing more Canadians to use the online filing service largely because electronic returns cost only 80 cents to process, compared with $3.20 for paper returns that must be manually keyed or scanned.

Follow @DeanBeeby on Twitter

We encourage an open exchange of ideas on this story's topic, but we ask you to follow our guidelines for respecting community standards. Personal attacks, inappropriate language, and off-topic comments may be removed, and comment privileges revoked, per our Terms of Use. Please see our FAQ if you have questions or concerns about using Facebook to comment.

You might like ...

NDP blasts lottery corporation spending
 
Virk shuffled to new job after Kwantlen flap
 
Site C dam construction to start next summer
Transforming student futures
 
Long term service awards presented to Regional District of Central Kootenay staff
 
Two killed in snowmobile accident
Puppet nears completion
 
Donations to Salvation Army only at 50 per cent
 
Easy win for hugs