Heartbleed facilitates identity theft from Canada Revenue Agency

updated 02:58 pm EDT, Mon April 14, 2014

900 taxpayers lose social insurance numbers to OpenSSL flaw

Canada's tax administration has reported that around 900 people have had personal data stolen by attackers using the Heartbleed bug. The hackers took social insurance numbers (similar to Social Security numbers in the US), and potentially other data. The breach is the first to be directly attributed to the Heartbleed bug as the main vector of attack.

The Heartbleed bug has existed since March 2013, and puts at risk not only the contents of encrypted online communications, but also the SSL keys used in the transmission. Heartbleed appears in the widely-available OpenSSL version 1.0.1, as well as the beta of 1.0.2, with the former version being used in a large proportion of servers.

Heartbleed allows attackers to expose data held in RAM, such as credit card details from a transaction over HTTPS. The severity of the issue potentially allows for the SSL keys to be used to enter a server without leaving any sign of an intrusion. Many major services are either immune to the attack, or have since patched any flaw -- but smaller services, and some hardware, remain susceptible.

Security firm Cybereason's chief executive Lior Div said of the attack that "we are in a race. People who hadn't thought about using this type of attack will use it now." Div believes that the simplicity of the attack will allow "unsophisticated hackers" to utilize publicly-accessible tools.

Regarding the breach, the Canada Revenue Agency claimed that "we are currently going through the painstaking process of analyzing other fragments of data, some that may relate to businesses, that were also removed." The service was shut down on Wednesday, in the middle of tax season. The CRA claims that no other attacks were made before or after the Heartbleed attack.

by MacNN Staff





  1. dxtr

    Fresh-Faced Recruit

    Joined: 10-30-08

    How could they know this if Heartbleed leaves no trace?
    What fragments could they find or hope to "analyze" if, wait for it, ... "Heartbleed leaves no trace"? Does this mean something different in Canada?

  1. shawnde

    Fresh-Faced Recruit

    Joined: 04-01-08

    No, it means that the CRA simply doesn't know what it's doing .... which is par for the course .... they're a clueless government entity just like the rest. I'll bet that the server was running on some old Pentium Box under a clerk's desk :-)
