Ottawa: Personal data for as many as 900 Canadian taxpayers was stolen after being made vulnerable by the "Heartbleed" bug, officials in Ottawa said on Monday.
Andrew Treusch, Commissioner of Canada Revenue Agency (CRA), said government security agencies notified his office "of a malicious breach of taxpayer data that occurred over a six-hour period" last week.
Treusch said approximately 900 social insurance numbers -- nine-digit codes required for working or accessing government benefits in Canada -- "were removed from CRA systems by someone exploiting the Heartbleed vulnerability."
Government officials, he added, are combing through CRA systems and "analyzing other fragments of data, some that may relate to businesses, that were also removed."
Federal police are also investigating, Treusch said.
The CRA last week shuttered its website over concerns about the Heartbleed bug. It was rebooted over the weekend after a patch was installed.
The recently-discovered flaw in online-data scrambling software OpenSSL allows hackers to eavesdrop on online communications, steal data, impersonate websites and unlock encrypted data.
OpenSSL is commonly used to protect passwords, credit card numbers and other data sent via the Internet.
More than half of websites use the software, but not all versions have the same vulnerability, according to heartbleed.com.
Cybersecurity firm Fox-It estimates that the vulnerability has existed for about two years, since the version of OpenSSL at issue was released.
Computer security specialists, website masters and others became aware last week of problems posed by the "Heartbleed" bug after several reports of hacking.
Andrew Treusch, Commissioner of Canada Revenue Agency (CRA), said government security agencies notified his office "of a malicious breach of taxpayer data that occurred over a six-hour period" last week.
Treusch said approximately 900 social insurance numbers -- nine-digit codes required for working or accessing government benefits in Canada -- "were removed from CRA systems by someone exploiting the Heartbleed vulnerability."
Federal police are also investigating, Treusch said.
Advertisement
The recently-discovered flaw in online-data scrambling software OpenSSL allows hackers to eavesdrop on online communications, steal data, impersonate websites and unlock encrypted data.
Advertisement
More than half of websites use the software, but not all versions have the same vulnerability, according to heartbleed.com.
Advertisement
Computer security specialists, website masters and others became aware last week of problems posed by the "Heartbleed" bug after several reports of hacking.
COMMENTS
Advertisement
Vir Das Shares New Schedules For London, Canada Shows: "Voice Is A Lot Better" Canada Aims To Join Military Alliance AUKUS To Counter China In Indo-Pacific Region Pak Man Accused Of Plotting Attack On US Jews Was On Student Visa In Canada 9 Dead, 2,800 Hurt As Pagers Explode Across Lebanon, Hezbollah Blames Israel China, Russia Concerned About India-US Relationship: Top American Diplomat "Wear Proper Undergarments": Delta Airlines' New Memo For Flight Attendants Liquor, Drugs Worth Rs 26.82 Crore Seized In Haryana Since Poll Code UN Says Lebanon Pager Blasts 'Extremely Concerning Escalation' Kamala Harris Calls For End To War In Gaza, No Israeli Reoccupation Track Latest News Live on NDTV.com and get news updates from India and around the world.