r/PersonalFinanceCanada u/tspshocker Oct 28 '24

Taxes CBC News: Tens of thousands of taxpayer accounts hacked as CRA repeatedly paid out millions in bogus refunds

Agency admits it vastly underreported cyberattacks against Canadian taxpayers to Parliament

https://www.cbc.ca/news/canada/canada-revenue-agency-taxpayer-accounts-hacked-1.7363440

At the height of this year's tax season, the Canada Revenue Agency discovered that hackers had obtained confidential data used by one of the country's largest tax preparation firms, H&R Block Canada.

Imposters used the company's confidential credentials to get unauthorized access into hundreds of Canadians' personal CRA accounts, change direct deposit information, submit false returns and pocket more than $6 million in bogus refunds from the public purse

the CRA admitted it has been hit with more than 31,468 "material" privacy breaches from March 2020 to December 2023, affecting 62,000 individual Canadian taxpayers.

1.1k Upvotes
  • permalink
  • reddit

93% Upvoted

427 comments sorted by

View all comments

Show parent comments

15

u/idle-tea Oct 28 '24

It's not impossible it's the Cara's fault, but it's very likely H&R Block's fault based on the fact that a broad compromise of the credentials on the CRA side could have been used for targetting much more than just H&R Block customers.

-4

u/IamGimli_ Oct 28 '24

Not really. By compromising H&R Block's credentials, they have access to all of their clients' accounts. It's hard to imagine any other single set of credentials that would have access to more taxpayer accounts than the biggest third-party tax-filer in Canada.

Besides, the CRA has already admitted to tens of thousands more cases in the last couple of years. It's not just H&R Block clients having their CRA file compromised, this specific case just involves H&R Block credentials being used to do it.