Canada Revenue Agency grappling with more unauthorized access

Share this article:

A tax inspector in Vancouver, British Columbia used the Canada Revenue Agency's (CRA) computers to look up hundreds of citizens' tax records inappropriately for four years, in what amounts to the largest data breach in the agency's history.

The tax inspector, who ran a personal business on the side, used the agency's system to access the tax records of high net worth individuals in what officials suspected was an attempt to further her business venture.

CRA investigators, who first became aware of the situation two years ago, searched the tax inspector's workstation and found 407 social insurance numbers written on scraps of paper. She appeared to have accessed the tax records for most of them, even though they did not appear to involve cases on which she was working.

The woman, who no longer works for the CRA, accessed the records illegitimately between 2005 and 2008.

The case surely will be embarrassing for the Canada Revenue Agency, which just last month was forced to release internal documents showing that dozens of citizens had their files misappropriated by workers.

Last year, the CRA found that another tax worker, based in Burnaby, BC, had been accessing taxpayer information of single women, one of which he later entered into a personal relationship. He had also accessed the tax information of his former common-law spouse, his mother and a co-worker.

The CRA said that it would not be contacting the taxpayers concerned, as the breach did not constitute a threat to their tax details. It was also working hard to improve its means of detecting unauthorized access, a spokesperson added.

Share this article:
close

Next Article in SC Canada

THE LATEST ISSUE

Features

Archive of SC Magazine Canada

SC Magazine Canada

THE LATEST ISSUE

Features

Archive of SC Magazine Canada

SC Magazine Canada

More in SC Canada

Health law needs reform, says provincial privacy watchdog

The Albertan Information and Privacy Commissioner has formally asked the government to amend the province's Health Information Act with mandatory breach reporting and notification measures.

Well.ca security not that well, letter reveals

Well.ca, an online store selling health and beauty products, exposed names, addresses and credit card details for some of its customers in December, it admitted last month.

Canada signs Wedge Networks to secure government data centers

The Canadian government has hired Wedge Networks, a provider of cloud-based security services, to secure its computing infrastructure.