Many Canadians have been receiving emails from the Canadian Revenue Agency (CRA) informing them that their email has been removed from their account.
Initially, many took to social media to voice concerns that the CRA had been hacked. However, a representative with the agency confirmed it was actually the opposite.
According to Christopher Doody, a media relations representative with the CRA, the reason these users’ emails were removed from their accounts was to protect their data.
These emails were removed because the CRA determined a third-party had encountered a data breach, and the users who received these emails also used the same information for their CRA accounts.
“If the CRA detects a third-party has experienced a data breach, and they also see that a user is reusing the information they use for their CRA account, the account gets frozen as a precautionary measure,” Doody says in a phone interview with Quickbite News.
When data breaches happen, anyone who uses the same information for multiple accounts (most people), is at a greater risk.
“If someone tries to sell these thousands of credentials that were hacked from somewhere else on the dark web, whoever buys this information is going to see if they can use it to access other accounts, such as the CRA or TD Bank, or what have you,” Doody says.
Additionally, anyone who received such an email will also receive a letter in the mail, informing them of the next steps they will need to take to restore their account.
“This is going to be an ever-evolving thing that the CRA is doing, this is the reality of 2021—we’re going to continually be facing threats, and fraudsters and hackers are going to continuously try to defraud taxpayers and the government,” Doody adds.