OTTAWA — The federal government says a cyberattack exposed some people’s email addresses and phone numbers linked to Canada Revenue Agency (CRA), Employment and Social Development Canada (ESDC), and Canada Border Services Agency (CBSA) accounts.
The Treasury Board of Canada Secretariat said on Aug. 17, 2Keys Corporation—the company that provides the multi-factor authentication app for these accounts—alerted the government about the security incident.
According to officials, 2Keys quickly informed the government and began an investigation with outside cybersecurity experts.
Treasury Board explained that a routine software update created a weakness that let a hacker access phone numbers tied to CRA and ESDC accounts, as well as email addresses linked to CBSA accounts. This affected people who used the authentication service between Aug. 3 and Aug. 15.
The hacker then sent spam text messages to some of the phone numbers, including a fake link that looked like a Government of Canada website.
The government says the multi-factor authentication service is now secure again and there’s no sign that any other personal or sensitive information was stolen.
