Federal government says emails, phone numbers accessed in cyberattack

Cyber security concept. alternate text for this image — Cyber security concept. Shield With Keyhole icon on digital data background. Illustrates cyber data security or information privacy idea. Blue abstract hi speed internet technology.

The federal government says individuals’ email addresses and phone numbers linked to Canada Revenue Agency, Employment and Social Development Canada and Canada Border Services Agency accounts were accessed in a cyberattack.

The Treasury Board of Canada Secretariat says the government was alerted to the incident on Aug. 17 by 2Keys Corporation, the provider of a multi-factor authentication application used for the accounts.

The government says 2Keys discovered the breach, promptly informed authorities and launched an investigation, which is being conducted with external cybersecurity experts.

Treasury Board says a routine software update caused a “vulnerability” that allowed a malicious actor to access phone numbers associated with CRA and ESDC accounts and email addresses linked to CBSA accounts for people who used the authentication service between Aug. 3 and Aug. 15.

The government says the actor sent spam text messages to some of the phone numbers with a link to a website designed to look like a Government of Canada site.

Treasury Board says the multi-factor authentication service has been restored and there is no indication that any additional identifiable personal information or sensitive data was disclosed.

Subscribe to our newsletters

Catherine Morrison, The Canadian Press

Scotia reaches NSF fees class action settlement

Opinion: Who will pay for CIRO’s data breach?

Nova Scotia budget has $1.2B deficit, cuts to public service