Top Class Actions’s website and social media posts use affiliate links. If you make a purchase using such links, we may receive a commission, but it will not result in any additional charges to you. Please review our Affiliate Link Disclosure for more information.
The federal government and the Canada Revenue Agency are facing a class action lawsuit over a series of cyberattacks that affected Canadians who applied online for emergency aid during the COVID-19 pandemic.
The cyberattacks reportedly affected individuals who had applied for financial assistance from the Canadian Emergency Relief Benefit (CERB) or the Canadian Emergency Student Benefit (CESB), which pays recipients up to $2,000 per month.
Cyberattack Puts Consumer Data At Risk of Identity Theft, Fraud
According to the CRA class action lawsuit Canada, which was filed Aug. 24 in Vancouver federal court, there were at least three cyberattacks between mid-March and mid-August that reportedly resulted in the theft of applicants’ personal and financial information.
According to the CRA class action lawsuit, the information stolen from the data breach includes social insurance numbers, home addresses, tax information, and bank account details. As a result, the hackers were allegedly able to use this data to commit identity theft, change direct deposit information, and file fraudulent claims under the COVID-19 relief programs.
The public was reportedly not notified of this data theft until Aug. 15 when CBC News first reported about the cyberattack.
On Aug. 17, the Treasury Board and CRA confirmed the security breaches during a news briefing. The cyber attacks reportedly targeted the CRA and GCKey, an online portal that allows access to services such as employment insurance, immigration applications and veterans’ benefits.
The hackers were allegedly able to use previously hacked credentials to access users’ CRA accounts. The affected accounts were reportedly cancelled once the data breach was discovered, and users whose credentials were compromised will be provided with instructions to get a new GCKey.
According to the CRA data breach class action lawsuit, at least 14,500 Canadians may be affected by the data breach.
Data Breach Class Action Calls CRA’s Actions “Reprehensible”
The plaintiffs reportedly call the CRA’s actions “reprehensible” and that they “showed a callous disregard” for the victims’ rights.
Further, the CRA data breach class action lawsuit alleges that CRA’s actions constituted a “departure from ordinary standards of decent behaviour” and deserve to be punished.
The CRA, for its part, says that “a vulnerability in security software” is to blame for the data breaches and that the agency did not learn of the first cyberattack until Aug. 7.
The CRA data breach class action lawsuit claims that the CERB and CESB were “implemented hastily” without adequate safeguards to protect consumers’ data.
While the data breaches are being investigated, applications to the aid programs have reportedly been frozen, causing them further financial hardship. To make matters worse, those affected will have to be vigilant about the risk of identity theft throughout their lifetimes.
“I’m definitely stressed out and anxious because I don’t know who has my information and I don’t know who can get a copy of my information,” says plaintiff Ally Scott. She says she applied for CESB.
“I’m only 19 years old. I’m worried that I’m going to have to combat this issue for the rest of my life. And that seems pretty daunting.”
Plaintiff Anne Campeau of Windsor, Ontario, says she wasn’t even eligible for emergency funds because she is an essential worker. However, she says her identity was stolen and the thief was able to obtain benefits under her name for two months.
“Somebody, somewhere, has gotten $4,000 of payments and I don’t want that to be attached to my social insurance number, because I didn’t apply for it,” Anne says. “I don’t qualify.”
The CRA data breach class action lawsuit seeks compensation to cover the cost of credit monitoring, damage to victims’ credit ratings, and for mental distress, stress and anxiety.
Consumers Targeted by COVID-19 Fraud
The COVID-19 pandemic has created an opportunity for bad actors to cash in on consumers’ fear and uncertainty. On April 14, Health Canada warned that Canadians were being sold fraudulent and unauthorized N95 respirators that were marketed as providing protection against COVID-19.
Health Canada said it had received reports that the respirators weren’t certified under its Class I medical device regulations or by the U.S. National Institute for Occupational Safety and Health (NIOSH).
“Fraudulent or unauthorized N95 masks may not meet the same performance measures required by the NIOSH N95 standard and, as a result, may not properly protect consumers from COVID-19,” Health Canada warned.
The “N95” designation means that the respirator has been carefully tested to ensure that it blocks at least 95% of small test particles, such as pathogens, Health Canada explained.
Health Canada has also warned consumers about the risks of homemade hand sanitizers and urged consumers to only use hand sanitizers with at least 60% alcohol that had been approved by the agency, if soap and water are not available, to limit the spread of COVID-19.
CBC News reports that seniors may be particularly vulnerable to fraud during the COVID-19 pandemic. Since many seniors are in isolation during this time, there is concern that there are more opportunities for them to become a victim of a scam.
“The concern was because of the lock down, certain fraudsters…will it try to ingratiate themselves with, you know, under the guise of coming in to assist with even, you know, buying groceries or helping in that sense,” Lilian Bahgat, Community Legal Aid review counsel, told CBC reporters.
What do you think about the CRA data breach class action lawsuit? Have you been a victim of a data breach or fraud since the COVID-19 pandemic began? Tell us your story in the comment section below!
ATTORNEY ADVERTISING
Top Class Actions is a Proud Member of the American Bar Association
LEGAL INFORMATION IS NOT LEGAL ADVICE
Top Class Actions Legal Statement
©2008 – 2024 Top Class Actions® LLC
Various Trademarks held by their respective owners
This website is not intended for viewing or usage by European Union citizens.
23 thoughts onCRA Targeted in Class Action Lawsuit After a Series of Cyberattacks
Add me my data was breached. I already fear that my Identity will be stolen being on the internet never thought a site associated with our government would be the one it happened on.
Yes I have at least twice when they got hacked what a nightmare trying to stay on the phone for two plus hours of the day to get a hold of them and do something about it sorry I didn’t add in the first one add me please
Yes I have at least twice when they got hacked what a nightmare trying to stay on the phone for two plus hours of the day to get a hold of them and do something about it
I would also like to be apart of this. CRA has messed around with me so long now, since the first cyber attack. This has now lead to me being homeless coming March as there is lack of work in the area due to covid-19.
I would like more information.
My account was compromised on July 25th I believe. They applied for two CERB payments. I noticed 2 hours aftet they changed my direct deposit. I managed to stop my direct deposit in time and had to call CRA on Monday. They ended up sending me two cheques in the mail about a week later that I had to spend money on sending back. I wasnot entitled to benefits as I work full time. Very stressful situation. Now to unlock my account I need to sit on hold for hours.
Keep getting fraudulent calls.
Add me
Call Murphy Battista’s Vancouver office at (604) 683-9621 or Toll Free at 1-888-683-9621, and ask to speak to a member of the legal team handling the CRA Privacy Breach Class Action. Reception will transfer your call to someone who can help you.
I would like to be part of this lawsuit.
Since I received an actual email from Canada Revenue agency, stating my account has been comprised and my Social Insurance number has been exposed..
I kept the email..
So what do I do?
Someone hacked into my CRA online account and applied for the CERB and changed my Direct Deposit information so that payments would be deposited to the hacker’s account. The event took place on August 6 and I was made aware on Aug 7 when I was notified by Email from CRA that my Direct Deposit information had been changed. I acted immediately and contacted CRA. They froze my account pending investigation. I was advised to notify all of my credit card & bank accounts as well as to file a police report and to notify Service Canada, The Canadian Anti Fraud Dept & Equifax. This process took the better part of a day due to very lengthy on hold times at each place. Some of my accounts were frozen, alerts & additional layers of security were placed on most of my accounts. I remain very concerned about my ability to apply for credit or loans in the future and I would very much be interested in being a part of a Class Action Law Suit against CRA
Call Murphy Battista’s Vancouver office at (604) 683-9621 or Toll Free at 1-888-683-9621, and ask to speak to a member of the legal team handling the CRA Privacy Breach Class Action. Reception will transfer your call to someone who can help you.
I have been affected by this breach and all of my CERB payments have been halted, they’re handling this situation by telling me “we don’t have the authority to do anything you have to wait 10 business days to receive a letter in the mail and a phone call from one of our managers.” Seriously if anybody handling the class action lawsuit reads this email me at brodyfm1999@gmail.com I’d be willing to give a statement or testify.