The Canada Revenue Agency locked roughly 800,000 accounts after a routine check found that the login information was available to “unauthorized individuals,” the federal tax agency said Friday.
Impacted users will be locked out of their accounts as a preventive measure until they create a new user ID and password, the CRA said in a statement.
The accounts were not compromised as a result of a cyberattack or breach of the agency’s online systems, the CRA said.
Instead, the login information may have been obtained by unauthorized third parties “through a variety of means by sources external to the CRA,” including email phishing schemes, the agency said.
The statement comes less than a month after the tax agency issued a similar warning that an unspecified number of user IDs and passwords had been locked as they may have been accessed by unauthorized individuals.
The federal agency said Friday that “locking accounts in this manner is part of normal CRA operations.”
Yet with tax season underway – the general deadline to file is April 30 – the agency said it wanted to ensure Canadians are properly informed on the matter.
It also warned that preventive measures such as the locking of user accounts “are not isolated incidences and may become more frequent to safeguard taxpayers’ information.”
Canadians should monitor their CRA accounts for any suspicious activity including unsolicited changes to banking, mailing address or benefit applications made on their behalf, the agency said.
In addition, passwords should be updated regularly, the CRA said.