CRA’s computer network security suffers from ‘lack of monitoring:’ Audit

Article content

Filing your Canadian taxes digitally?

Article content

You may have cause to be concerned about how secure your information is, according to an internal audit, says Blacklock’s Reporter.

Article content

The audit says computer security at the Canada Revenue Agency — which has more than 27 million individual and corporate tax filers — is still uneven years after hackers breached the accounts of taxpayers.

“There was a lack of monitoring,” said the audit, blaming “a lack of management oversight.”

Revenue Agency managers “were not always aware of, or did not clearly understand, the security assessment and authorization process, more specifically for monitoring,” wrote auditors.

“Addressing security in the early stages of information technology projects and throughout the information system’s life cycle is vital to ensuring security is integrated into the design, that security objectives are met and that planning and resources are optimized.”

Article content

CRA’s website was shut down for six days in 2014 following a cyberattack, with hundreds of Social Insurance Numbers stolen.

Recommended video

Investigators determined the cyberattack went unnoticed for six hours before the system was shut down.

Six years later in 2020, thousands of tax records were breached in a second cyberattack and managers promised tighter security.

“The Canada Revenue Agency has one of the largest information technology environments and repositories of personal and financial information in the Government of Canada,” wrote auditors.

“Ninety percent of income tax and benefit returns and 94% of corporate income tax returns were filed digitally. It is essential for the agency to meet Canadians’ expectations for delivering client service while maintaining trust that their information will be protected from potential data breaches and identity theft.”

Share this article in your social network