The federal privacy watchdog says there have been more than 42,000 breaches at the Canada Revenue Agency since 2020 as a result of people gaining unauthorized access to, or modifying, taxpayer information.
More than 42,000 breaches at Canada Revenue Agency since 2020, watchdog says
Listen to this article
Estimated 1 minute
The audio version of this article is generated by AI-based technology. Mispronunciations can occur. We are working with our partners to continually review and improve the results.
The federal privacy watchdog says there have been more than 42,000 breaches at the Canada Revenue Agency since 2020 as a result of people gaining unauthorized access to, or modifying, taxpayer information.
In a special report tabled in Parliament, Privacy Commissioner Philippe Dufresne points to gaps in the revenue agency’s prevention, monitoring, detection and handling of breaches.
Dufresne found the agency couldn’t provide details of every confirmed breach due to limitations in its tracking systems and the overall volume of incidents.
The commissioner’s office says the agency did not implement mandatory multi-factor authentication — a means of helping people bolster account security — in a timely manner, and did not consistently rely on methods considered to be best practices.
It also says the agency could not always adequately explain how attackers managed to bypass authentication processes.
The commissioner made nine recommendations for improvement, eight of which were accepted in full and one in part by the revenue agency.
