September 4, 2020
The class action involves the fallout of cyberattacks on CRA and GCKey accounts earlier in the year that resulted in the disclosure of personal and financial information. In some cases, that information appears to have been used to engage in “credential stuffing” attacks. Credential stuffing is the use of passwords and usernames collected from previous hacks and cyberattacks to take advantage of the fact that many people reuse passwords and usernames across multiple accounts. The objective may have been to gain access to accounts of Canadians who were applying for CERB and CESB benefits. The cyberattacks are still under investigation.
Read the full article here: Canadian government named in class-action privacy breach lawsuit.
For more information on the class action and next steps if you have been affected see: CRA Privacy Breach Class Action.