A recent report by the federal privacy watchdog revealed that the Canada Revenue Agency has experienced over 42,000 breaches since 2020, where individuals gained unauthorized access to or altered taxpayer information. Privacy Commissioner Philippe Dufresne highlighted deficiencies in the agency’s measures for preventing, monitoring, detecting, and addressing breaches.
Dufresne noted that due to limitations in tracking systems and the high volume of incidents, the agency could not provide detailed information on every confirmed breach. The report also criticized the agency for not promptly implementing mandatory multi-factor authentication, a security measure to enhance account security, and for inconsistently following recognized best practices.
Additionally, it was found that the agency struggled to explain how hackers bypassed authentication processes. In response to these findings, the Commissioner issued nine recommendations for enhancement, with the agency accepting eight recommendations in full and one partially.