Private data not compromised in site breach: StatCan
OTTAWA A security breach at Statistics Canada’s main website prompted the government to shut down a number of services over the weekend, including electronic tax filing at the Canada Revenue Agency, officials confirmed Monday.
That shutdown helped to ensure that the private information of Canadians was never compromised, officials said during a briefing to explain why the statistical agency’s site and that of the CRA had been largely unavailable.
Federal IT security officials were made aware of a bug in a computer program widely used by the federal government late Wednesday, Shared Services Canada’s chief operating officer, John Glowacki, told the briefing.
But it wasn’t until Thursday, after a breach was discovered at Statistics Canada, that the plug was pulled on the agency’s web servers.
“Thursday, at about midday, the StatCan information came to light ... based on a variety of systems we have scanning the environment,” Glowacki explained. “Within, I’d say, three to four hours ... (from) when we recognized that there was activity on the server that wasn’t authorized, it was taken off-line.”
That action launched a cascade of events that resulted in online services at the Canada Revenue Agency being shut down as well.
The tax agency took several of its web-based services off-line as a precaution Friday as IT experts scanned other government departments to see whether they could be affected by a problem that was detected in computer servers used by websites worldwide.
By late Sunday, CRA reported it had fixed its systems, tested for the vulnerability and had brought the services back online.
The CRA services affected by the shutdown included “My Account,” “My Business Account,” “Netfile,” “EFILE” and “Auto-Fill My Return.” Statistics Canada’s main website was also back up and running by late Sunday.
Officials maintained that no personal data had been compromised before CRA took what they described as a preventive measure.
“There was unauthorized access to our web server,” Gabrielle Beaudoin, director general of communications at Statistics Canada, confirmed. “That server does not contain any personal or sensitive information.”
The government also said all affected departments “acted very quickly” to deal with the issue.