Canada's privacy commissioner reported that more than 42,000 taxpayer accounts at the Canada Revenue Agency have been breached since 2020 [1].
The scale of the unauthorized access highlights critical vulnerabilities in the federal government's financial data infrastructure. These breaches expose the personal information of thousands of citizens to potential identity theft and financial fraud.
The federal privacy watchdog said the breaches involved the unauthorized access or modification of personal tax information [1]. While some reports indicate the number of affected accounts is nearly 45,000 [3], other verified sources state the figure is more than 42,000 [1], [2]. These incidents occurred over a period spanning 2020 to 2023 [1].
Security weaknesses within the Canada Revenue Agency's systems allowed cybercriminals to gain entry to these accounts [2]. The watchdog said that the agency's delayed adoption of multi-factor authentication contributed to the risk [2]. This security layer is designed to provide a second form of verification beyond a password, a standard practice that the agency was slow to implement.
The privacy commissioner is now calling for urgent action to strengthen protections [3]. The report said that the current security posture was insufficient to prevent the volume of breaches recorded over the three-year window [2].
The Canada Revenue Agency has not yet detailed a comprehensive timeline for the full rollout of updated security protocols to all users. However, the watchdog's findings serve as a formal warning that the agency's systems remain a target for coordinated cyberattacks [2].
The breach reveals a systemic failure in the Canada Revenue Agency's ability to modernize its security at the pace of evolving cyber threats. By delaying the implementation of multi-factor authentication, the agency left a known window of opportunity open for attackers. This case will likely increase pressure on other federal agencies to accelerate their cybersecurity upgrades to avoid similar large-scale data compromises.





