The federal privacy watchdog says government departments lacked adequate protections to prevent a cyberbreach that compromised the sensitive information of tens of thousands of Canadians.
In a report tabled today, privacy commissioner Philippe Dufresne describes how the lapse at the Canada Revenue Agency and Employment and Social Development Canada in summer 2020 allowed hackers to fraudulently collect payments.
The report says the breach of financial, banking and employment data led to numerous cases of fraud and identity theft, including many illicit applications for COVID-19 emergency response benefits.
The investigation found the revenue and employment departments had underestimated the level of identity authentication needed for their online programs and services.
The commissioner also concludes the departments did not take the necessary steps to promptly detect and contain the breach.
The report says both organizations have agreed to implement recommendations aimed at ensuring efficient safeguards against attacks, rapid response to breaches and regular security assessments.