The Canada Revenue Agency has shut down public access to its website over security concerns posed by a breach to encryption technology pegged ‘Heartbleed,’ which is being felt worldwide.
The CRA says that the temporary cut off to its electronic services is to ensure the protection taxpayer information, and that it is working to restore safe and secure access.
The timing couldn’t be more pertinent, as it is the busiest time of year for agency, with millions of Canadians filing electronic tax returns and tracking the progress of their tax refunds online. Out of the 6.7 million returns received as of the end of March, 84 per cent of them were filed electronically, reported the Toronto Star.
The security threat, ‘Heartbleed,’ – revealed last week, but apparently undetected for more than two years – affects encryption technology designed to protect online accounts for emails, instant messaging and various forms of electronic commerce. Its reach could expose millions of passwords, credit-card numbers and other sensitive information to theft from hackers, potentially aware of the security breach before it was detected.
People are being advised to protect themselves by changing all of their online passwords. However some experts say this is a wasted effort until affected Internet services install software released Monday to correct the problem.
‘Heartbleed’ creates an opening in SSL/TLS – an encryption technology with a padlock to secure website traffic – making it possible to snoop even when the padlock is closed. The breach only affects OpenSSL, the most common SSL/TSL used by two-thirds of Web servers.
Hackers gain momentum: Study