Murphy Battista LLP has filed a proposed class proceeding related to the unauthorized disclosure to a third party of the personal and financial information of thousands of Canadians from their online accounts with the Government of Canada Branded Credential Service (“GCKey”) and the Canada Revenue Agency (“CRA”).

The information was disclosed to a third party during several cyber security incidents targeting GCKey and CRA accounts. The plaintiffs allege that the defendant was aware of cyber security concerns and was aware of vulnerabilities in its security software, both of which put at risk the personal and financial information contained in Class Members’ GCKey and CRA accounts. Despite these concerns and vulnerabilities, the defendant failed to take reasonable steps and precautions to prevent harm to Class Members.

What to do next

If you had your MyCRA account or online accounts shut down, or you have been informed you are affected, learn more about the class action and what to do here: CRA Privacy Breach Class Action.

News coverage on the CRA privacy breach

English

• CRA’s handling of COVID-19 benefit cyberattacks ‘reprehensible,’ alleges proposed class-action lawsuit
• CRA shuts down online services after thousands of accounts breached in cyberattacks

French

• Demande d’action collective contre l’Agence du revenu du Canada après des cyberattaques