Acting chief information officer for the Treasury Board of Canada Secretariat doesn’t believe the system failed when it was hacked on the weekend. He points out the proportion of accounts impacted versus the total number of accounts, on a system that has thousands of transactions every day.
Marc Brouillard said Monday that by using previously hacked user names and passwords, what he terms as “bad actors” were able to acquire just over 9 thousand of the 12 million GCKey accounts. He says a third of those are being examined further for suspicious activities.
Brouillard calls it credential stuffing and emphasizes this is why it is so important to use a different password on every website and change it frequently.
The CRA was shut down temporarily Saturday morning until the vulnerability in their system was patched. Users whose credentials were compromised will receive a letter to advise them on how to receive a new GCKey.
GCKey is used by approximately 30 federal departments so Canadians can access things like Employment and Social Development Canada’s My Service Canada account.
Lori MacDonald, Chief Operating Officer with Service Canada, says they sent emails to every Employment Insurance client that was compromised, they set up a special 1-800 number, and call centres were kept open on the weekend and in evenings so clients could get back on line and authenticated.
(CJWW)