Watchdog reports more than 42,000 CRA account breaches since 2020
CRA privacy breaches: over 42,000 incidents raise taxpayer data concerns See why the watchdog flagged security gaps and what CRA is changing next
Canada’s privacy commissioner says the Canada Revenue Agency has recorded more than 42,000 breaches since 2020, involving unauthorized access to or changes made to taxpayer information.
In a report tabled in Parliament, Commissioner Philippe Dufresne said the agency had gaps in how it prevents, monitors, detects, and responds to breaches. The report also said CRA’s tracking systems were not detailed enough to account for every confirmed incident.
The watchdog said CRA did not introduce mandatory multifactor authentication quickly enough and did not always use security practices considered standard. The commissioner made nine recommendations, most of which were accepted by the agency.