On Sunday 16th of August 2020, The Canadian Revenue Agency issued a statement about their site being compromised after two separate attacks on the site and an estimated 5,500 accounts were compromised. Following the attacks, the service was shut down and as of the date of this post – 19th of August 2020, the CRA site is still not online/active.
Following this attack, the Canadian Government has warned people against reusing old passwords because the cyberattack that was used is known as a Credential Stuffing attack. This is when previously compromised credentials are used on other services to try to get access to it because users are known to reuse credentials across various platforms.
There is a possibility that this is connected to last year’s breach. In December 2019 it was announced that LifeLabs one of Canadians largest medical services was compromised by hackers and about 15 million customer accounts were accessed.
These attacks on the Canadian Revenue Agency points to attackers trying to steal CERB payments which were put in place as a way to financially assist people due to the COVID-19 impact on jobs. There were several reports from users saying they received an email stating their direct deposit information has been changed and their CERB payments will be sent to the new payment information when they did not apply for the CERB payment and also did not change their information.