The Canada Revenue Agency (CRA) temporarily suspended its online services after two cyberattacks where hackers used thousands of stolen usernames and passwords of Canadians to fraudulently get government services, so here is what you need to know now.


A total of 5,500 CRA accounts were targeted in these cyber attacks which the federal government described as  “credential stuffing” schemes. The term “credential stuffing” means your credentials (username and password) are obtained, and then the information is “stuffed” or inserted into various popular websites by hackers until they find success.


Another 9,000 or so accounts were affected by the GCKey attack. A spokesperson for the Treasury Board, which manages the public service, said the government detected attempts to access accounts in at least 24 different departments, including Employment and Social Development Canada and Immigration, Refugee and Citizenship Canada.

The shutdown of CRA’s online services means that anyone attempting to apply for emergency COVID-19 benefits, such as the Canada emergency response benefit, the emergency student benefit or the federal wage subsidy for businesses, will be unable to do so until further notice.


The most crucial things you can do to protect yourself say experts is to have a unique username and password for EVERY site you use.  Also, do not save the password and username information when you are prompted to do so, instead re enter them every time.

By taking these steps above it will be more inconvenient in the short term, but in the long term the efforts will pay off.  In other words use proper cyber hygiene.

The Canadian Anti-Fraud Centre says more than 13,000 Canadians have been victims of fraud totalling $51 million this year. There have been 1,729 victims of COVID-19 fraud worth $5.55 million.

To receive similar content, “Like” us on Facebook @



Let us know what you think!