CRA website back online up after security concerns

By late Sunday, CRA reported it had fixed its system and tested for the vulnerability, and had brought the services back online.

The notice says people can still complete their forms, but will have to wait to file.

The agency posted a notice on its website Friday.

The CRA said all of its online services are back to normal after being offline since Friday afternoon.

The agency doesn't stipulate the vulnerability it identified, merely saying it affected "websites worldwide", prompting it to "temporarily take down our online services, including electronic filing" while it applied patches.

CRA couldn't immediately comment on the seriousness of the threat or whether this was the first time its services had been taken off line due to security concerns.

"Digital services were taken offline as a precaution, not as the result of a successful hack or breach", Samson says in an email.

The CRA services affected by the shutdown included "My Account", "My Business Account", "Netfile", "EFILE" and "Auto-Fill My Return".

At press time, no details about the security risk had been released aside from the CRA's statement, which sought to assure Canadians that the agency worked "around the clock" with other government departments to implement a solution that would address the vulnerability.

The flaw became widely known last week and can use "remote code execution" to add malicious files or delete legitimate ones and security researchers say it is being exploited actively and widely. Canadians should not expect a delay in getting their refund.

  • Lila Blake