The Canada Revenue Agency (CRA) says it has locked roughly 800,000 accounts after a routine check found that the login information was available to "unauthorized individuals."
The tax agency says impacted users will be locked out of their accounts as a preventive measure until they create a new user ID and password.
Officials say the accounts were not compromised as a result of a breach of the agency's online systems.
Instead, the federal agency says the login information may have been obtained by unauthorized third parties and through a variety of means by sources external to the CRA, including email phishing schemes.
The statement comes less than a month after the tax agency said an unspecified number of user IDs and passwords may have been accessed by unauthorized individuals, "through a variety of means by sources external to the CRA."
In February the federal agency said accounts had not been compromised by a cyberattack but were locked as a preventive measure.
