
The federal government said a recent cyberattack exposed contact details, including e-mail addresses and phone numbers, connected to accounts with the Canada Revenue Agency, Employment and Social Development Canada, and the Canada Border Services Agency. The Globe & Mail
The federal government confirmed that a cyberattack exposed contact information linked to several federal agencies. Officials said e-mail addresses and phone numbers tied to Canada Revenue Agency (CRA), Employment and Social Development Canada (ESDC), and Canada Border Services Agency (CBSA) accounts were accessed.
The Treasury Board of Canada Secretariat said it learned of the breach on August 17. The alert came from 2Keys Corporation, the company that manages the multi-factor authentication service used for these accounts.
How the Breach Happened
According to the Treasury Board, a regular software update created a security weakness. That flaw allowed a malicious actor to collect phone numbers tied to CRA and ESDC accounts, as well as e-mail addresses connected to CBSA accounts.
The incident affected people who used the authentication service between August 3 and August 15.
Spam Messages Sent to Victims
Officials said the attacker sent spam text messages to some affected numbers. The messages included links to a website made to look like an official Government of Canada site. Authorities warned that the website was designed to trick people into sharing more personal information.
Quick Response from Authorities
Treasury Board confirmed that 2Keys Corporation reported the problem right away and began an investigation. The government said outside cybersecurity experts are helping with the review.
The multi-factor authentication service has since been restored. Treasury Board said there is no sign that sensitive personal data, such as banking or identification details, was taken.
Protecting Canadians Moving Forward
The government said steps are being taken to strengthen security across federal digital services. Officials urged Canadians to stay alert for suspicious messages or links claiming to be from government departments.
Anyone who suspects they received a fake message is encouraged to report it to the Canadian Anti-Fraud Centre.
This latest breach comes at a time when concerns about online security remain high. With more government services moving online, experts say protecting digital accounts is critical to maintaining public trust.
What Canadians Should Know
- The breach affected CRA, ESDC, and CBSA accounts.
- It affected people who used the authentication service between August 3 and August 15.
- Only phone numbers and e-mail addresses were exposed.
- Spam messages were sent, but there is no sign that sensitive data such as banking or identification details was taken.
- The authentication system is back online with added security.
Officials reassured Canadians that the government takes the protection of personal information seriously and will continue to review its systems to prevent future incidents.

