CRA Shuts Down “Secure” Services on Security Concerns - Small businessess from 1 to 80 employees outsource your payroll management to us and let us worry about your payroll processing.
RSS Follow Become a Fan

Delivered by FeedBurner

Recent Posts

Tax changes to expect when you’re expecting
2016 Tax Tips for 2015 Filing Year
From Proprietorship to Corporation - When is the Best Time to Incorporate?
Tax Specialists Brief your Clients About CRA Fraud And E-Mail Scams
Bank of Canada cuts rates again

Most Popular Posts

Help your teenager build credit responsibly
Being an Executor of an Estate
Student Line of Credit
Principal Residence Exemption


aliko nutrition store- isotonix
aliko payroll services
canada revenue news and videos
canadian news
Cross border Tax
Disability awareness and Benefits for disabled
estate planning
Home Car Insurance
Income Splitting Strategies in Retirement
kids and money -set your children up for financial success
life insurance
on line safety tips
online safety tips
Real Estate - Investments / Retirement
Retirement planning
Save your money
small business planning
Tax Information for Students
tax news
tax planning
Tech news


January 2016
July 2015
May 2015
April 2015
February 2015
December 2014
November 2014
September 2014
August 2014
July 2014
June 2014
May 2014
April 2014
March 2014
February 2014
January 2014
December 2013
November 2013
October 2013
September 2013
August 2013
July 2013
June 2013

powered by


CRA Shuts Down “Secure” Services on Security Concerns

CRA Shuts Down “Secure” Services on Security Concerns
CRA Shuts Down “Secure” Services on Security Concerns
CRA has shut down all “secure” access to their website (i.e. areas where you must log in are not currently available). These areas include EFILE, NETFILE, My Account, My Business Account and Represent a Client.
At the time of writing, CRA is expecting to resume electronic service over the weekend.
Rumors are circulating that the issue is due to a virus, but those rumors are simply not true – and the problem, though recently discovered, has existed for more than two years. The problem is a coding error (dubbed the “Heartbleed bug”) in the software that makes the transmissions secure. This software is widely used by many websites across the Internet and was used by such popular sites as Yahoo! Mail. The issue with a specific version of the software, which was released in December 2011, is that it is possible for a hacker to see some of the encrypted information. Unfortunately, it is impossible to tell what, if any, information has been compromised. The vulnerability was only discovered recently by security researchers. 
Although it’s possible that some tax return information has been compromised as a result, the bigger issue is that logon data may have been compromised. If logon information has been compromised, this would allow the hacker to perform any function that the user could have performed by logging into the CRA site using the stolen username and password. As a precaution, CRA has closed down online access to these services until the situation is resolved. 
A new release of the software with this issue fixed is currently available so the first step will be that CRA will upgrade their systems to use the new version. Beyond that, CRA may determine that all existing passwords will have to be changed. For EFILE, that could be resolved by CRA issuing a new password to EFILERs. It has generally been CRA’s policy not to send passwords for other services through email so it remains to be seen how access to Represent a Client, for example, will be restored. It does not appear that any of the Canadian banks that are CRA partners have been compromised so one possibility is that login through a banking partner may be used. CRA has promised daily updates at 3PM EST on their home page until the issue is resolved.
Because this same software is in use by a significant number of online websites, it is possible that passwords have been compromised elsewhere as well. Some pundits are recommending that all Internet passwords be changed, however, you need to be aware that, if you change your password on a site that is still using the old version of the software, your new password may be compromised as well. Be sure that if you have a password on a compromised site that you change it after the site is once again secure. In addition, credit card information may have been compromised if you have used your card for online purchases on a compromised site. Be sure to check your credit card statements carefully for fraudulent use.

0 Comments to CRA Shuts Down “Secure” Services on Security Concerns :

Comments RSS

Add a Comment

Your Name:
Email Address: (Required)
Make your text bigger, bold, italic and more with HTML tags. We'll show you how.
Post Comment