CRA locks some online taxpayer accounts that may have been accessed by outsiders

·1 min read

OTTAWA — The Canada Revenue Agency says some taxpayers were locked out of their online accounts even though it wasn't the victim of a cyberattack.

The tax agency says an internal analysis revealed evidence that an unspecified number of user IDs and passwords may have been accessed by unauthorized individuals "through a variety of means by sources external to the CRA."

It notified taxpayers Tuesday that their email address had been removed from their account.

Spokesman Charles Drouin says the accounts were not compromised but were locked as a preventive measure.

It is contacting legitimate account holders to unlock their accounts.

Drouin says there is no urgent need for taxpayers to contact CRA imminently unless they are an emergency benefit applicant and have active applications in our system.

"To be clear, these accounts were not impacted by a cyberattack at the CRA," he wrote in an email.

The CRA reminds Canadians to monitor their accounts for any suspicious activity including unsolicited changes to banking, mailing address or benefit applications made on their behalf.

Canadians are also encouraged to change their passwords regularly.

This report by The Canadian Press was first published Feb. 17, 2021.

The Canadian Press