For several days, Canadian taxpayers trying to log onto Canada Revenue Agency’s (CRA) online services have found themselves blocked by a ‘systems maintenance’ notification. The decision to take the agency offline was prompted by a cybersecurity vulnerability that has reportedly affected various organisations around the world.
The CRA has confirmed that they have now restored all digital services. While acknowledging that the interruption would likely be inconvenient to taxpayers, the agency had earlier stated that the shutdown was in response to an alert on the Apache Log4j Vulnerability. This was in relation to a widely used software tool that was found to be actively being scanned and exploited. The CRA did however release a statement assuring that there was no indication that their systems had been affected, nor that any taxpayer information has been accessed.
This particular vulnerability was found on open source software that is used to run websites and support other web services for everything from online gaming to enterprise software. Experts have described it as one of the worst cybersecurity discoveries in recent years. Due to the widespread use of the software, the internet has been put on high alert due to the likelihood of hackers ramping up efforts to target weak systems.
A critical vulnerability is a term used to indicate that had the vulnerability not been addressed, it could have led to programmers and criminals being able to access and steal valuable and sensitive personal data. The CRA used social media to notify the public that while the systems were down, they would be making appropriate security upgrades to their systems.
The CRA was not the only public agency to shut down services in response to this concern. Ontario’s Metrolinx also temporarily took its GO Transit online services offline for less than a day. The transport agency confirmed that it had upgraded its security against this vulnerability and that no customer information was compromised. Quebec also shut down about 4,000 government sites in response to the vulnerability. This included those used for education, health, and public administration.
Defence Minister, Anita Anand, has advised groups that use the Apache Log4J system to pay attention to this vulnerability. She said given that the critical nature of the problem and reports of exploitation, that Canadian organisations follow the recommended guidance and also report any incidents of hacking to the Canadian Centre for Cyber Security. The recommended guidance includes suggested updates for patching and for Java 7 users to refer to Apache for specific actions.
Contact Accountancy Insurance
We would love to hear from you.
About Accountancy Insurance:
Thousands of accounting firms offer our tax audit insurance solution, Audit Shield to their clients. Find out why.