Canada Revenue, The Canada Revenue Agency has become a high-profile casualty in the latest scare over a gaping hole in Internet security.
Canada’s income tax agency said Wednesday that it has cut off public access to a slate of electronic services on its website due to concerns over the so-called Heartbleed Bug — a flaw in widely used encryption software that could leave millions of online passwords and sensitive personal information exposed.
The CRA said it will likely take until the weekend to restore service at its website.
The shutdown — which the CRA called a “preventative measure” — comes just three weeks before the April 30 deadline for Canadians to file personal income tax returns.
It highlights the vulnerability of a steadfast Canadian institution. The prospect of a serious software defect transforms CRA’s electronic records — which hold personal information willingly filed by millions of Canadians taxpayers, such as names, addresses, income and social insurance numbers — into a potential treasure trove for would-be hackers.
“This is a major concern because the type of information that is available in the context of the tax services is extremely private and sensitive,” said Vern Krishna, a law professor at the University of Ottawa and tax counsel at Borden Ladner Gervais LLP.
CRA has stringent confidentiality and privacy rules intended to prevent unauthorized disclosure of tax information, Krishna said.
“Presumably they will be testing the systems to see that they are robust — because, frankly, if they’re not and there has been a massive disclosure, that will undermine confidence in the tax system.”
CRA said in a statement that it will “continue to investigate any potential impacts to taxpayer information.”
It also said Canadians who owe income taxes for 2013 will be exempt from interest and penalties on returns filed after the April 30 filing deadline for a period equal to the length of interruption in service.
That grace period was confirmed by the minister of national revenue.