Committee
Consult the user guide
For assistance, please contact us
Consult the user guide
For assistance, please contact us
Add search criteria
Results: 1 - 15 of 55
View Francis Drouin Profile
Lib. (ON)
Great. Thank you.
I'll switch gears.
Some Canadians, obviously, felt the impact of their government accounts being closed with the CRA. Can someone explain to me what happened there and why the government took the precaution to shut down these accounts? What is the best way for Canadians to prevent that from happening?
Marc Brouillard
View Marc Brouillard Profile
Marc Brouillard
2021-05-31 16:47
I can answer the first part of that question, Mr. Chair.
The CRA has been proactively using different methods and third parties to look for signals that accounts have been identified and potentially compromised. This is anything from, again, going back to the capabilities where there have been previous compromises or known lists of identities that are suspicious. All they do is deactivate the accounts. They contact the users, and they tell them that they may have been compromised and that this may have been part of some other event that may affect other accounts like their bank accounts, Facebook accounts and things like that. It is giving Canadians a proactive piece of advice that they need to look at their cyber-hygiene and that they need to take action.
With regard to the CRA accounts, there's a process for them to re-establish their accounts. They don't lose their accounts permanently. It's just that they have to reset their passwords and re-establish their identities.
I would leave it to Mr. Jones to talk about what other cyber-hygiene activities Canadians should take to protect themselves overall when this happens or just even as part of due course.
Scott Jones
View Scott Jones Profile
Scott Jones
2021-05-31 16:48
Mr. Chair, I'll quickly add in on what Canadians can do.
The first thing is this: Don't reuse passwords on accounts that you really care about. In fact, don't reuse passwords. We recommend that Canadians use things like password managers, something that will autogenerate some random, complicated string of passwords.
For things that you really care about though, use unique passwords. Turn on multifactor authentication. That means asking it to send you a text message when you're logging in, logging in from a trusted device, or having one of those hard tokens, although most people won't use those because those are kind of hard to use. However, turn on something so that it verifies.
Security questions are not multifactor authentication. That information has been stolen, so don't count on that as a second factor. When we talk about that.... So, it's something you know: your password. It's something you are: in the physical world, a fingerprint or a picture or something like that. It's something you have. That's where we talk about your getting a text message on your phone that gives you a code to log in with for the next few minutes, etc. That's multifactor authentication.
Turning on those things already makes you a much harder target. Those are simple things you can do. I encourage every Canadian to go in and change the passwords for the things you care about, the things that can have harm to you as a citizen. Set it to a hard password—better yet, a pass phrase if its allowed—something that only you know, that only you can remember. If you're going to write it down, lock it away somewhere and hide it. Don't tape it under your keyboard. That's the first place anybody looks.
View Francis Drouin Profile
Lib. (ON)
Mr. Giroux, thank you very much for joining us once again. I would like to take this opportunity to wish you a wonderful year filled with reports that will inform parliamentarians, including myself.
I want to come back to Mr. Paul-Hus' question about the Canada Revenue Agency.
The agency told you that it was afraid to provide you with certain data because it might allow you to identify individuals. Have you consulted with the Office of the Privacy Commissioner of Canada to find a solution?
Yves Giroux
View Yves Giroux Profile
Yves Giroux
2021-01-27 17:48
No. This is an outstanding issue that has been discussed with the Canada Revenue Agency for a very long time, even before I took office.
I did not consult the Office of the Privacy Commissioner, because the legislation is quite clear to me: my office must have access to information in a timely manner and free of charge.
Having said that, having worked at the agency, I understand their concerns very well. Section 241 of the Income Tax Act is quite clear: the agency must not disclose personal taxpayer information. However, that is not what we asked for.
On the one hand, the agency has this desire, which I would say is pathological, to protect taxpayer information, which is a good thing for taxpayers. On the other hand, it must provide timely and useful information to an officer of Parliament whose mandate is to provide information and analysis to members of Parliament and senators. It's a matter of finding a compromise.
View Kelly McCauley Profile
CPC (AB)
We heard earlier today Mr. Green talking about some of the wage subsidies support. The government has listed the names of the companies but not the amounts. Now, we've also heard that the communist-controlled Bank of China, or whatever their bank was here, received subsidies. Foreign-controlled airlines received subsidies. Should CRA be releasing the information for transparency for parliamentarians and taxpayers to see how much has been received by the companies for these subsidies?
Yves Giroux
View Yves Giroux Profile
Yves Giroux
2021-01-27 18:03
That's very close in its design or its nature to a subsidy. In the case of subsidies, my understanding is that the amounts of subsidies that corporations and businesses receive tend to be public, generally speaking. In the case of the wage subsidy, there could be competitiveness issues in some instances, but generally speaking, I think the amounts that corporations have received should indeed be public.
Now that the government is disclosing who receives them, the competitive disadvantage, if there was one, has probably been eroded already. Disclosing the amounts would be more transparent.
View Dane Lloyd Profile
CPC (AB)
Thank you.
That actually leads me to my final question, Minister, for this round. In our previous meeting, the staff had mentioned that no new data centres were being built, but I have been told that the CRA is presently building a new data centre.
Can you confirm that the procurement for this CRA project, including the networking, will be completed in an open, competitive manner based on functional requirements and not on the current requirements, or the previous requirements that only allowed for incumbent players to compete on these projects?
View Joyce Murray Profile
Lib. (BC)
The four enterprise data centres are in place. That's not being procured now.
I will turn it over to Mr. Glover to answer your specific question about the centre you've referred to.
View Pierre Paul-Hus Profile
CPC (QC)
Thank you, Minister. I will ask representatives of another department.
In your opening statement, you spoke about programs that were put in place quickly in response to the COVID-19 crisis. But this was accompanied in June by the inconvenient fact that the personal information of 5,500 people with a Canada Revenue Agency account had been compromised. Later, we learned that this was 11,200 accounts, some of which were accessible by means of a GCKey, a system that affects 30 departments, and other portals.
We even learned that these figures had quadrupled. According to information that we obtained, almost 50,000 Canadians had their personal information stolen when they were using government sites.
Can you confirm how many people in Canada were victims of identity theft as a result of using programs related to COVID-19 ?
View Joyce Murray Profile
Lib. (BC)
First, I'll say that we have a core responsibility to protect Canadians' information, and I take that very seriously. The government GCKey platform itself was not compromised, but like any large organization, the government's systems are constantly under attack using illegally acquired information and log-ins. We're committed to always responding, and I would like Marc to be able to talk more specifically about the numbers and what—
View Pierre Paul-Hus Profile
CPC (QC)
All right, I will let Mr. Brouillard answer.
I want to know whether 50,000 Canadians were victims of identity theft.
Marc Brouillard
View Marc Brouillard Profile
Marc Brouillard
2020-11-30 19:08
I can explain the situation to some extent.
The numbers changed as we conducted our investigation. According to the most recent reported figures, there were 9,300 GCKey accounts. This system is part of the identity program for more than 24 departments. The problem occurred more specifically at the CRA, which uses a different system. Of the 14 million CRA accounts, suspicious activities were identified in 48,500 accounts, which were then suspended.
View Pierre Paul-Hus Profile
CPC (QC)
Results: 1 - 15 of 55 | Page: 1 of 4

1
2
3
4
>
>|
Export As: XML CSV RSS

For more data options, please see Open Data