Hackers try to steal COVID-19 relief payments
Shady Salah – Media in Toronto
Canadian government sites used to provide access to crucial services for immigration, taxes, pension, and benefits have been breached in a coordinated attack to steal COVID-19 relief payments. In two separate cyberattacks, usernames and passwords of 9,041 GCKey service were hacked. Around 30 government departments use GCKey service. In another attack, about 5,500 Canada Revenue Agency (CRA) accounts had been compromised. Over the weekend, the Office of the Chief Information Office of Government of Canada released a statement advising the public of the cyberattack the GCKey system had experienced.
The Treasury Board of Canada Secretariat said that passwords and usernames “were acquired fraudulently and used to try and access government services.” Although the breach has now been contained, the agency revealed that CRA’s My Account, My Business Account and Represent a Client service were affected in the cyberattacks. “The CRA quickly identified the impacted accounts and disabled access to these accounts to ensure the safety and security of the taxpayer’s information” CRA spokesperson Christopher Doody told Global News in an email. The federal agency revealed that the attack was “credential surfing” in which hackers used previously collected usernames and passwords in a worldwide hack to access the accounts. “These attacks took advantage of the fact that many people reuse passwords and usernames across multiple accounts” it said.