Committee
Results: 1 - 12 of 12
Matthew Green
NDP (ON)
We've heard lots of discussion around the prevalence of CERB fraud, and yet we hear Mr. Brouillard talk about 50,000 identities stored in the dark web. Have there been any early indications or cross-reference between information that was taken through these breaches and potential fraudulent applications for the CERB?
Matthew Green
NDP (ON)
Before that happens, Mr. Chair, can I just ask Mr. Jones if something like that would be in his purview before it's passed along?
Scott Jones
2021-05-31 16:15
We're really talking about two different things, Mr. Chair. I think there's the number of data breaches that have happened. The Privacy Commissioner of Canada, in our national cyber-threat assessment where we highlight this, said that 28 million Canadians last year had their information taken. That information has then been reused to target the Government of Canada. By reusing passwords, for example, somebody was able to log in.
We're not talking about information that was taken from the government. It was taken from other data breaches, but people reuse things. Our security questions are the same. What's your favourite colour? What school did you go to, etc.? That's the information these criminals have stolen, and because passwords are horrible and we all have too many of them, we tend to reuse them. A lot of Canadians reuse them, and so those were able to be reused. That's what credential stuffing is. Really, we're talking about information from other data breaches then turned and used against the Government of Canada. But Marc, maybe—
Matthew Green
NDP (ON)
I do say this respectfully, because it's not often that we have a member from the Communications Security Establishment before us. This is why I'm trying to get the most out of this intervention, because I don't know when you may be back.
Is there a scenario—this is for my own edification—where the information that might have been obtained through the CRA's vulnerabilities could then have been used to re-access fraudulent CERB applications? Maybe I'm oversimplifying it or conflating it.
I'd love to hear from you, Mr. Jones.
Scott Jones
2021-05-31 16:16
I think that would be a pretty unlikely scenario, to be frank, because that wasn't what we saw happening here. We saw Canadians being impersonated in this activity where they were using their legitimate credentials, so essentially logging in as them. I think that's kind of my overall response to this, but Marc might be able to tell you more.
Pierre Paul-Hus
CPC (QC)
Thank you, Minister. I will ask representatives of another department.
In your opening statement, you spoke about programs that were put in place quickly in response to the COVID-19 crisis. But this was accompanied in June by the inconvenient fact that the personal information of 5,500 people with a Canada Revenue Agency account had been compromised. Later, we learned that this was 11,200 accounts, some of which were accessible by means of a GCKey, a system that affects 30 departments, and other portals.
We even learned that these figures had quadrupled. According to information that we obtained, almost 50,000 Canadians had their personal information stolen when they were using government sites.
Can you confirm how many people in Canada were victims of identity theft as a result of using programs related to COVID-19?
Joyce Murray
Lib. (BC)
First, I'll say that we have a core responsibility to protect Canadians' information, and I take that very seriously. The government GCKey platform itself was not compromised, but like any large organization, the government's systems are constantly under attack using illegally acquired information and log-ins. We're committed to always responding, and I would like Marc to be able to talk more specifically about the numbers and what—
Pierre Paul-Hus
CPC (QC)
All right, I will let Mr. Brouillard answer.
I want to know whether 50,000 Canadians were victims of identity theft.
Marc Brouillard
2020-11-30 19:08
I can explain the situation to some extent.
The numbers changed as we conducted our investigation. According to the most recent reported figures, there were 9,300 GCKey accounts. This system is part of the identity program for more than 24 departments. The problem occurred more specifically at the CRA, which uses a different system. Of the 14 million CRA accounts, suspicious activities were identified in 48,500 accounts, which were then suspended.
Pierre Paul-Hus
CPC (QC)
Marc Brouillard
2020-11-30 19:09
I can't answer that. It's under investigation by the RCMP.