Heartbleed facilitates identity theft from Canada Revenue Agency

updated 02:58 pm EDT, Mon April 14, 2014

900 taxpayers lose social insurance numbers to OpenSSL flaw

Canada's tax administration has reported that around 900 people have had personal data stolen, with the miscreants making off with the data using the Heartbleed bug. The hackers took social insurance numbers (similar to Social Security numbers in the US), and potentially other data. The breach is the first to be attributed directly to the Heartbleed bug as the main vector of attack.

The Heartbleed bug has existed since March 2013, and puts at risk not only the contents of encrypted online communications, but also the SSL keys used in the transmission. Heartbleed appears in the widely-available OpenSSL version 1.0.1, as well as the beta of 1.0.2, with the former version being used in a large proportion of servers.

Heartbleed allows attackers to reveal credit card details in a transaction over HTTPS through exploitation of RAM space. The severity of the issue potentially allows for the SSL keys to be used to enter a server without leaving any sign of an intrusion. Many major services are either immune to the attack, or have since patched any flaw -- but smaller services, and some hardware, remain susceptible.

Security firm Cybereason's chief executive Lior Div said of the attack that "we are in a race. People who hadn't thought about using this type of attack will use it now." Div believes that the simplicity of the attack will allow "unsophisticated hackers" to utilize publicly-accessible tools.

Regarding the breach, the Canada Revenue Agency claimed that "we are currently going through the painstaking process of analyzing other fragments of data, some that may relate to businesses, that were also removed." The service was shut down on Wednesday, in the middle of tax season. The CRA claims that no other attacks were made before or after the Heartbleed attack.

by MacNN Staff



  1. dxtr

    Fresh-Faced Recruit

    Joined: 10-30-08

    How could they know this if Heartbleed leaves no trace?
    What fragments could they find or hope to "analyze" if, wait for it, ... "Heartbleed leaves no trace"? Does this mean something different in Canada?

  1. shawnde

    Fresh-Faced Recruit

    Joined: 04-01-08

    No, it means that the CRA simply doesn't know what it's doing .... which is par for the course .... they're a clueless government entity just like the rest. I'll bet that the server was running on some old Pentium Box under a clerk's desk :-)
