“We have (put in place) controls to verify payments (…) but I don’t think there will be a long delay in payments. It’s just to verify that the person who requested a payment is really the (right) person, ”offered Annette Butikofer, deputy commissioner at the CRA, during a press briefing in Ottawa on Monday morning.
Annette Butikofer also stressed that companies will be able to apply for wage subsidies, as planned. The first period of the enhanced form of the Canada Emergency Wage Subsidy began on Monday and this online feature is available.
The CRA’s 1-800-959-8281 telephone line is also still on.
However, officials are asking Canadians not to call there to see if they are among the victims. CRA is mailing letters to affected people. For its part, the Ministry of Employment has instead reached its users by email.
All victims are urged to verify that their other personal online accounts, bank accounts or social media, have not also been affected by the cyber attack.
A first attack last week
Officials dispatched Monday morning to a press conference tried to explain why they did not raise an alert earlier than last weekend.
A first “potential problem” was noticed on August 7, explained Ms. Butikofer. Of actions were taken to protect the CRA system, then, the RCMP were notified on August 11.
“We were very confident that the control was fine but after (the events involving) GCKey, we noticed an attack on Saturday and we decided (then) to block and close our gate,” she said.
On Saturday, “there were 300,000 attacks on our system and we were no longer sure that the system was protected,” she added.
Without wanting to minimize the episode, the Treasury Board representative at the press conference pointed out that the attack reached some 9,000 people out of a potential 12 million who use GCKey and some 5,600 people out of a potential 15 million registered. at the CRA.
“This is not an attack where pirates are trying to go through the back door. They have access to the system in the same way as normal users, (…). So it’s hard to notice their presence in the midst of legitimate transactions, ”noted Marc Brouillard, chief technology officer at the Treasury Board of Canada Secretariat.
RCMP investigation
The Royal Canadian Mounted Police (RCMP) have launched an investigation into the cyber attacks. It is already assumed that hackers got their hands on the passwords of their Canadian victims thanks to past personal data leaks that involved banks, among others.
“It’s possible there is a link,” agreed Brouillard.
“It is often in these attacks that information is sold on the dark web, it is an accumulation of several (pirated information), then it would be possible that one would never be able to specify exactly the source ”, he argued.
–
