In the wake of two massive cyber attacks that breached thousands of Canada Revenue Agency accounts, a Saskatchewan woman has found that her CRA access was illegally used to redirect CERB proceeds to another bank.
Mirroring and a worryingly growing number of Canadians, Regina resident Jenn Fink told CBC News that a fraudster applied for CERB using her CRA account. Said account was among those hacked in the recent cyberattacks.
“I was just checking my email and I got a legitimate email from CRA saying that my email address had essentially been removed from my account and that I wouldn’t be getting any more notifications through this email address,” Fink said. “It was a legit email from CRA, I had recently received the same sort of style of email that told me my notice of assessment was ready when I did my taxes.”
A closer look at her CRA account through another device revealed major changes to her profile, most notably her deposit preferences.
“It went to a different bank altogether,” Fink said. “It all happened pretty quick, I just happened to check my email at the right time. … [The fraudsters] changed my email first so I wouldn’t get notification of the direct deposit changing or notification of the applications to CERB, so when I realized that they had made that application, I called CRA and they confirmed that, yeah, my account had been hacked.”
While the CRA has yet to get back to Fink on how her account was compromised, the agency has already advised her to warn major credit unions that fraudsters might have access to other vital data like her social insurance number.
Christopher Doody, spokesperson at CRA spokesperson, said in an email to CBC News that the agency has “quickly identified the impacted accounts and disabled access to these accounts to ensure the safety and security of the taxpayer’s information.
“The CRA is continuing to analyze both incidents. Law enforcement assistance has been requested from RCMP and an investigation has been initiated.”