Heartbleed bug prompts Canada Revenue Agency to shut down online tax filing

Web browser vulnerability raises Internet security, privacy alarm for CRA, Yahoo and other sites

The logo for the Heartbleed bug

The Canada Revenue Agency has temporarily shut down public access to its online services in response to a possible Internet security breach, throwing a wrench into the plans of many Canadians to file their income taxes online and raising privacy concerns for others.

The so-called ‘Heartbleed’ bug is thought to have potentially given hackers access to millions of passwords, credit card numbers and other information at several major websites, including the Canada Revenue Agency (CRA), Yahoo, Tumblr and Flickr.

The CRA said it has cut off online access to its EFILE, NETFILE, My Account, My Business Account and Represent a Client services.

“The CRA recognizes that this problem may represent a significant inconvenience for individual Canadians, representatives and businesses that count on the CRA for online information and services,” the agency said in a statement.

“Please be assured that we are fully engaged in resolving this matter and restoring online services as soon as possible in a manner that ensures the private information of Canadians remains safe and secure.”

The CRA called its action a “preventative measure” to safeguard the integrity of its data and said its first priority is ensuring confidentiality of taxpayer information.

The Heartbleed vulnerability, which went undetected for two years, affects web browsing using supposedly secure, encrypted connections where the browser displays a closed padlock.

The CRA is also promising “consideration” to taxpayers who can’t meet their requirement to file their income taxes by the end of the month.

The agency said it will provide updates at noon daily (3 p.m. EST) on its home page until the situation is resolved.