Late getting organized for the upcoming tax deadline? You couldn’t have picked a better time to be unprepared.
The CRA pulled the plug on their online tax filing system over the weekend because of security concerns brought about by a dangerous internet bug, Heartbleed. No one seems to know exactly what risks Canadians are facing when it comes to their personal information, however, you will get a deadline extension if you typically file online.
Image courtesy of Victor Habbick / FreeDigitalPhotos.net
This is the most recent update from the Canadian Revenue Agency:
CRA update regarding the Heartbleed Bug – Thursday, April 10, 3pm
After learning of the security vulnerability posed by the Heartbleed bug, the Canada Revenue Agency (CRA) took preventative measures and removed public access to its online services in order to protect the confidentiality of the taxpayer information it holds. Applications affected include online services like EFILE, NETFILE, My Account, My Business Account and Represent a Client.
The CRA continues to work on resolving the issue. In keeping with industry practice, we are currently implementing a solution, or “patch”, for the bug, and are vigorously testing all systems to ensure they will be safe and secure once the site is re-launched.
The Minister of National Revenue has also confirmed that interest and penalties will not be applied to individual taxpayers filing their 2013 tax returns after April 30, 2014 for a period equal to the length of this service interruption.
The Agency appreciates the cooperation and patience of the public and our business and taxpayer representative communities. We remain committed to maintaining the confidence of Canadians by taking all steps necessary to ensure the security of taxpayer information. We will continue to provide further information and daily updates at 3PM EDT on our home page.
What you need to do, right now:
Avoid logging onto websites that could be at risk
This Heartbleed bug is used to acquire and store your usernames, passwords and credit card numbers. It is recommended that you avoid logging in until these companies have created a ‘patch’ to protect your personal information. CNET has a live and running list of many popular websites that were at risk and are in the process of fixing the problem. Check which sites have been patched here.
Change your passwords
Once you check this list, it will tell you which sites have been patched, from there they will most likely prompt you to change your passwords. Please don’t hesitate to do this, just ensure that they have confirmed the fix first. Start with the most important sites: banking and email.
Watch your statements
Assume you have been compromised and keep watch for any funky activity. Pay close attention to your bank statements, credit card statements, email accounts or any other site that stores vital information.
We have provided a list of other sources to keep you updated on this problem. Have a question for us? Don’t hesitate to leave a comment or give us a call 780.722.3000.