Have you created a ShazzleMail account on your smartphone? This is a required first step.

Yes No

Free Encrypted Email

_92023784_thinkstockphotos-482112104

CRA’s largest privacy breach happened in Western Canada

July 7, 2017

In what is officially the largest privacy breach in the Canada Revenue Agency’s history, an employee in Western Canada improperly accessed more than 1,200 records at a Prairie region tax office.

The CRA fired the employee involved in the breach, but it will not disclose which of the Prairie region offices it occurred at due to “confidentiality considerations,” said spokesperson Marie Tichborne via an emailed statement.

The Prairie region consists of offices in Saskatoon, Regina, Brandon, Winnipeg and locations in Alberta.

A security and internal affairs investigation into the incident was launched in March 2016, according to documents provided to The StarPhoenix following an Access to Information request. The documents did not reveal information about the employee who was responsible for the breach or the date the incident occurred.

The investigation found that a CRA employee looked at the accounts of 38 people in detail, as well as his or her own account. The employee also glanced at 1,264 accounts after using the search function, entering various surnames and postal codes.

The employee didn’t make changes to any of the accounts, but they were able to see the names, contact information, social insurance numbers, income and deductions and employment information for the taxpayers.

The investigation also found that the “risk of injury” to the 1,264 accounts were low because the information was on-screen for an estimated two seconds each and the employee didn’t access any of them directly.

Tichborne wrote that the CRA doesn’t track the statistics when it comes to the province of residence of the affected taxpayers.

Only the 38 taxpayers whose information was directly accessed were notified of the breach.

“However, it’s important to note that with respect to the 1,264 accounts improperly accessed by a single CRA employee, these accounts were viewed for approximately two seconds per account. Therefore, out of the 1,264 taxpayers, none were notified of the breach,” she said in the written statement.

The CRA issued a statement, saying it takes the protection of Canadians’ tax information “very seriously.” It went on to say in the statement that CRA employees are required to review the agency’s Code of Integrity and Professional Conduct and confirm they have read it, on an annual basis.

The agency employs more than 40,000 people nationwide.

This past March, the agency said it implemented a new technology that monitors its employees’ access to taxpayer information and “will flag accesses that appear inconsistent with the employees’ assigned workloads or duties.” The project cost $10.2 million.

Tags: , ,

Introducing ShazzleMail Email and How it Works

Privacy is your Fundamental Human Right.

Our Daily Blog
ph
HACK BRIEF: ONEPLUS PHONES HAVE AN UNFORTUNATE BACKDOOR BUILT IN
November 16, 2017

ONEPLUS SMARTPHONES HAVE developed a bit of a cult following, thanks to a combination of design and ...

Read more
725_ly9jb2ludgvszwdyyxbolmnvbs9zdg9yywdll3vwbg9hzhmvdmlldy9lndczzdrknjc3mjc1ngnkogzjnmfmmmq2owu4nji3ys5qcgc
Experienced IP Litigator, Cybersecurity & Data Privacy Lawyer Gabriel Ramsey Joins Crowell & Moring
November 13, 2017

SAN FRANCISCO, Nov. 13, 2017 /PRNewswire/ -- Crowell & Moring LLP is pleased to announce the add...

Read more
150522100240-amazon-delivery-780x439
Amazon Key’s big privacy test is now in your hands
November 7, 2017

Amazon Key's debut was merciless. People took to social media two weeks ago to deride the new in-...

Read more
pr
Why some privacy experts are spooked by iPhone X’s facial recognition feature
November 2, 2017

SAN FRANCISCO — Apple Inc. won accolades from privacy experts in September for assuring that facia...

Read more
maxresdefault
Always-on Voice Technology Raises Privacy Concerns
October 30, 2017

New technologies positively advertise constant microphone monitoring–but is it what consumers want...

Read more