The Canada Revenue Agency (CRA) is reporting that about 900 Social Insurance Numbers (SIN) have been obtained from its site by hackers exploiting the Heartbleed computer vulnerability
The agency reported Monday morning that each of the people involved will receive a registered letter informing them of the breach of security. They will not be contacted through email or other electronic methods.
The victims will be provided counsel on how to proceed and the CRA will pay for their access to credit protection services and take measures to protect their accounts from unauthorized activity.
The CRA online services are now reportedly safe and secure and the RCMP is investigating the breach.
"Regrettably, the CRA has been notified by the Government of Canada's lead security agencies of a malicious breach of taxpayer data that occurred over a six-hour period," tax agency Commissioner Andrew Treusch said.
"We are currently going through the painstaking process of analyzing other fragments of data, some that may relate to businesses, that were also removed," he said.
Analysis shows that no other CRA infiltrations took place before or after this breach.
The tax agency removed public access to its online services on April 8, after learning its systems were vulnerable to the Heartbleed bug.
The CRA says it "worked around the clock" after the temporary shutdown to implement a "patch" for the bug, and test all systems, before relaunching online services on Sunday.
The Privacy Commissioner of Canada was informed of the breach on Friday.
