Canada Revenue Agency locks 800,000 accounts, cites possible email ‘phishing’ schemes

The Canada Revenue Agency says it has locked roughly 800,000 accounts after a routine check found that the login information was available to “unauthorized individuals.”

The tax agency says impacted users will be locked out of their accounts as a preventive measure until they create a new user ID and password.

The CRA says the accounts were not compromised as a result of a breach of the agency’s online systems.

Advertisement

Instead, the federal agency says the login information may have been obtained by unauthorized third parties and through a variety of means by sources external to the CRA, including email phishing schemes.

The statement comes less than a month after the tax agency said an unspecified number of user IDs and passwords may have been accessed by unauthorized individuals “through a variety of means by sources external to the CRA.'”

The federal agency said in February the accounts had not been compromised by a cyberattack but were locked as a preventive measure.