Federal government says emails, phone numbers accessed in cyberattack
Advertisement
Read this article for free:
or
Already have an account? Log in here »
We need your support!
Local journalism needs your support!
As we navigate through unprecedented times, our journalists are working harder than ever to bring you the latest local updates to keep you safe and informed.
Now, more than ever, we need your support.
Starting at $15.99 plus taxes every four weeks you can access your Brandon Sun online and full access to all content as it appears on our website.
Subscribe Nowor call circulation directly at (204) 727-0527.
Your pledge helps to ensure we provide the news that matters most to your community!
To continue reading, please subscribe:
Add Brandon Sun access to your Winnipeg Free Press subscription for only
$1 for the first 4 weeks*
*$1 will be added to your next bill. After your 4 weeks access is complete your rate will increase by $4.99 a X percent off the regular rate.
Read unlimited articles for free today:
or
Already have an account? Log in here »
OTTAWA – The federal government says individuals’ email addresses and phone numbers associated with Canada Revenue Agency, Employment and Social Development Canada and Canada Border Services Agency accounts were accessed in a cyberattack.
The Treasury Board of Canada Secretariat says the government was alerted to the cyber incident on Aug. 17 by 2Keys Corporation, the provider of a multi-factor authentication application used for the accounts.
The government says 2Keys Corporation discovered the incident, promptly informed the government and launched an investigation, which is being conducted with external cybersecurity experts.
Treasury Board says a routine software update caused a “vulnerability” that allowed a malicious actor to access phone numbers associated with CRA and ESDC accounts, and email addresses associated with CBSA accounts, linked to people who used the authentication service between Aug. 3 and Aug. 15.
The government says the actor sent spam text messages to some of the phone numbers with a link to a website designed to look like a Government of Canada website.
Treasury Board says the multi-factor authentication service has been restored and there’s no indication that any additional identifiable personal information or sensitive personal data was disclosed.
This report by The Canadian Press was first published Sept. 9, 2025.