12,700 Canadians sue feds over CERB fraud

Massive data breach involved CRA accounts

12,700 Canadians sue feds over CERB fraud

A total of 12,700 Canadians are suing the federal government for what they claim to be “system negligence” which resulted in a massive data breach at the Canada Revenue Agency (CRA)

The lawsuit is linked to the 2020 CRA breach of the MyCRA portal. The government noted in August 2020 that roughly 5,500 CRA accounts were targeted as part of the GCKey attack and another “credential stuffing” attack aimed at the CRA.

However, fraudsters changed the taxpayer’s direct deposit banking information and then fraudulently applied for the $2,000-per-month Canada Emergency Response Benefit (CERB) on 12,700 different MyCRA accounts in a span of nearly two weeks, reports the Ottawa Citizen, citing a federal court ruling last week.

The ruling does not reveal the total value of fraudulent benefit claims related to the breach.

Used by about 30 federal departments, GCKey allows Canadians to access services such as Employment and Social Development Canada’s My Service Canada Account or their Immigration, Refugees and Citizenship Canada account.

Late last week, the federal court certified the class-action lawsuit and allowed it to go forward.

In November 2021, the federal government announced it is looking to collect money it distributed through the CERB.

‘Robust systems’

The CRA, meanwhile, have worked to address possible breaches, according to spokesperson Etienne Biram

“No organization is immune to cyber incidents or fraudulent activity. This is why the CRA has robust systems and tools in place to monitor, detect, investigate and quickly neutralize potential threats,” says Biram, according to the Ottawa Citizen.

“As scammers adapt their practices, so does the CRA. We regularly adjust and improve our security measures in response to this ever evolving threat environment and continuing intrusion attempts.”

Despite the risks, fewer and fewer companies are investing in cybersecurity training for workers. Only 40 per cent plan to offer this type of training this year, found a survey by IT company NOVIPRO.