Hackers Breach into Over 10,000 Canadian Government Accounts, Targeting COVID-19 Relief Package

In two separate cyberattacks, 9,041 GCKey accounts were compromised while around 5,500 CRA accounts were breached utilizing reused usernames and passwords

Thousands of Canadian government accounts were compromised following cyberattacks, authorities confirmed on Saturday, August 15. The attacks were aimed at stealing COVID-19 relief packages.

In two separate cyberattacks, usernames and passwords of 9,041 GCKey service were hacked. Around 30 government departments use GCKey service. In another attack, about 5,500 Canada Revenue Agency (CRA) accounts had been compromised.

The Treasury Board of Canada Secretariat said that passwords and usernames "were acquired fraudulently and used to try and access government services." Although the breach has now been contained, the agency revealed that CRA's My Account, My Business Account and Represent a Client service were affected in the cyberattacks.

wannacry hero marcus hutchins arrested
Hackers utilized reused username and passwords to gain access int GCKey accounts (representational image) Reuters

"The CRA quickly identified the impacted accounts and disabled access to these accounts to ensure the safety and security of the taxpayer's information," CRA spokesperson Christopher Doody told Global News in an email.

Reused Usernames and Passwords

The federal agency revealed that the attack was "credential surfing" in which hackers used previously collected usernames and passwords in a worldwide hack to access the accounts. "These attacks took advantage of the fact that many people reuse passwords and usernames across multiple accounts," it said.

Apart from CRA, out of 12 million GCKey accounts, 9,041 were accessed using previously set passwords. The GCKey account allows Canadians access to government service and benefits including COVID-19 financial packages.

GCKey Login
9,041 GCKey accounts were compromised with associated email IDs altered to seek COVID-19 relief package Canada.ca

"Of the roughly 12 million active GCKey accounts in Canada, the passwords and usernames of 9,041 users were acquired fraudulently and used to try and access government services, a third of which accessed such services and are being further examined for suspicious activity," the statement read.

Target COVID-19 Package

These attacks were mainly targeted at CERB (Canada Emergency Response Benefit) financial aid for those who were impacted by the COVID-19 pandemic. For the last two weeks, many Canadians have reported that their email addresses linked to CRA accounts have been changed with banking information altered. Many have also reported that they were issued CERB financial aid even though they had not applied for such packages.

The Canadian Anti-Fraud Centre had received over 700 reports of identity fraud linked to CERB. In response, the agency had suspended many of the accounts to prevent such cybercrime. The CRA has already started sending letters to those affected by the hacks urging them to confirm their identity and regain access to their accounts.

Twitter post
Many Canadians have reported breach in their CRA accounts Twitter/ @chrisalecanada

"The government is continuing its investigation, as is the RCMP (Canadian police) to determine if there have been any privacy breaches and if the information was obtained from these accounts. As well, the Office of the Privacy Commissioner has been contacted and alerted to possible breaches," Office of the Chief Information Officer said in the statement.

It further urged users to use unique passwords and not to reuse them while also change it on a regular basis. "To help reduce the risk of cyberattacks, always use a unique password for all online accounts. Do not reuse the same password for different systems and applications and regularly monitor all online accounts for suspicious activity," it added.

Since the COVID-19 outbreak turned into a pandemic in March, governments around the world have started rolling out financial packages to its citizens. Hackers and scammers have targeted those benefits frequently. There has been an increase in such attacks since March as the world plunged into a lockdown state.

Related topics : Coronavirus Cybersecurity