The Latest in IT Security

Canadians’ Tax Data Stolen in Heartbleed Breach

14
Apr
2014

OTTAWA, – Personal data for as many as 900 Canadian taxpayers was stolen after being made vulnerable by the “Heartbleed” bug, officials in Ottawa said on Monday.

Andrew Treusch, Commissioner of Canada Revenue Agency (CRA), said government security agencies notified his office “of a malicious breach of taxpayer data that occurred over a six-hour period” last week.

Treusch said approximately 900 social insurance numbers — nine-digit codes required for working or accessing government benefits in Canada — “were removed from CRA systems by someone exploiting the Heartbleed vulnerability.”

Government officials, he added, are combing through CRA systems and “analyzing other fragments of data, some that may relate to businesses, that were also removed.”

Federal police are also investigating, Treusch said.

The CRA last week shuttered its website over concerns about the Heartbleed bug. It was rebooted over the weekend after a patch was installed.

The recently-discovered flaw in online-data scrambling software OpenSSL allows hackers to eavesdrop on online communications, steal data, impersonate websites and unlock encrypted data.

OpenSSL is commonly used to protect passwords, credit card numbers and other data sent via the Internet.

More than half of websites use the software, but not all versions have the same vulnerability, according to heartbleed.com.

Cybersecurity firm Fox-It estimates that the vulnerability has existed for about two years, since the version of OpenSSL at issue was released.

Computer security specialists, website masters and others became aware last week of problems posed by the “Heartbleed” bug after several reports of hacking.

Related: Heartbleed Exposes Web Server’s Private SSL Keys

Related:Why The Heartbleed Vulnerability Matters and What To Do About It

Additional Resources:

•Is Your Enterprise Managing Certificates? Three Reasons It Should Be.

•Forrester Attacks On Trust Report

•Heartbleed Bug Advisory Whitepaper from Accuvant Labs(PDF)

Tweet

© AFP 2013Previous Columns by AFP:Canadians Tax Data Stolen in Heartbleed BreachGerman Space Research Center Under Espionage Attack: ReportNSA Denies Exploiting Heartbleed VulnerabilityCourt Reverses Conviction of Security ResearcherHeartbleed Bug Shutters More Canadian Govt Websites

sponsored links

Tags: NEWS INDUSTRY

Vulnerabilities

Related posts:
  1. Canada taxpayer data stolen in Heartbleed breach
  2. Heartbleed Bug Shutters More Canadian Gov’t Websites
  3. ‘Heartbleed’ Vulnerability Plugs Canada Tax Filing Website at Crunch Time
  4. ‘Heartbleed’ bug in web technology seen as major threat to user data
  5. Security Brief: Heartbleed Bug, Google Vulnerabilities, Arrested Hackers

Tags:  
Written by SecurityWeek
0 Comments
Comments are closed.

Categories

FRIDAY, APRIL 19, 2024
WHITE PAPERS

Mission-Critical Broadband – Why Governments Should Partner with Commercial Operators:
Many governments embrace mobile network operator (MNO) networks as ...

ARA at Scale: How to Choose a Solution That Grows With Your Needs:
Application release automation (ARA) tools enable best practices in...

The Multi-Model Database:
Part of the “new normal” where data and cloud applications are ...

Featured

Archives

Latest Comments