Over the weekend, the Canadian Revenue Service was hit with multiple attacks that forced it to close the online portal known as GCKey. This system is used by over 30 federal departments across a range of services including Employment and Social Development Canada, Immigration, Refugees and Citizenship Canada.
It’s been reported that there were over 9000 affected accounts in what is being called a ‘credential stuffing’ attack. This is were fraudulently aqcuired usernames and passwords were used to access accounts, change details and in some cases even be used to sign up for services such as CERB on behalf of the user with new banking and address information.
The attack works by using username and password information found on the internet and relies on the fact that many people reuse the same usernames (often an email address) and passwords across multiple services.
As of Monday morning, the system was still offline.
At this point, it appears that only those whose accounts were compromised would start getting account change emails which is standard procedure when you update information in your account. There is currently no way to login and see if you’re affected. The government has disabled the login portal while it and the RCMP investigate the attacks and to prevent further access and usage by the perpetrators of the attack.
In a statement from the Treasure Board, approximately 9041 out of the 12 million active accounts in Canada may have been affected by he attacks. But that number may change as more information about the attack comes out.
You can read the full statement from the Treasury Board of Canada here.