Are you planning to file your income tax return online today?
Sorry, but you can’t. The Canada Revenue Agency (CRA) shut down parts of its Web site today citing safety and security concerns.
The CRA later told the CBC News in an email that the site shutdown is related to the Heartbleed bug which enables attackers to steal encrypted information from email and Web sites . A spokesperson for the CRA said the agency is now investigating potential impact to taxpayers’ personal data.
The shutdown comes just two weeks before the April 30 tax deadline. More than 6.7 million taxpayers have already filed their tax returns online since March 24. That number represents almost 84 per cent of expected tax returns. Before the shutdown, it was estimated that nearly 2,000 retuned are filed every minute through the site.
More people were expected to flood the CRA (still popularly referred to as Revenue Canada) site in the next two weeks, but today visitors to the site were met with an odd red box with an exclamation point and the word: “Heading” and “message.”
Clicking on the box brings visitors to another page with a message that reads:
“To protect the security of taxpayer information, we have temporarily shut down public access to our electronic services. We are working to restore these services as soon as possible in a manner that ensures they are safe and secure.”
Early last month, the CRA’s Web site also issued a warning to users that Canadians are being targeted by bogus emails and phone calls from persons posing as agency personnel.
Earlier this week the CRA also reported that over the past year it fired 14 of its employees and suspended another 18 due to unauthorized access of the agency’s computer files.
It is not yet known if this has anything to do with the site’s shutdown.
Also earlier this week some researchers reported the discovery of a massive vulnerability in OpenSSL, the open sourced software used to encrypt online communications. The bug, which has been called Heartbleed, allows attackers to steal information protected by SSL/TLS encryption which is employed in email communications, instant messaging, Web apps and virtual private networks.
Federal agencies and departments have been in the spotlight lately for failing to effectively protect private and personal information of Canadian citizens and residents.
During the period between April 1, 2013 and January 29, 2014, federal departments and agencies reported no less than 3,763 data breaches including incidents where taxpayers’ information were lost, compromised or mistakenly released, according to a report by the Privacy Commissioner’s Office. That figure is slightly higher than the 3,000 data breaches reported by the government in the last 10 years, according to the Citizen.
Most recent figures show that the CRA reported 2,983 data breach incidents during the reporting period. About 120 of the cases stemmed from theft or loss of data or information being compromised.