Canadian government data breach overview:
- Who: More than 880,000 Canadians’ phone numbers and 85,000 email addresses linked to government accounts have been compromised.
- Why: A vulnerability in the multi-factor authentication provider’s software allowed hackers to access personal contact information.
- Where: The breach impacts users in Canada.
More than 880,000 Canadians have been affected by a Canadian Government data breach that compromised phone numbers and email addresses linked to federal government accounts.
The breach was disclosed Sept. 9, 2025, by the Government of Canadaโs Chief Information Officer.
The hack occurred due to a vulnerability in the software of a third-party multi-factor authentication provider used by the Canada Revenue Agency, Service Canada, and the Canada Border Services Agency.
The incident was traced back to a routine software update by 2Keys Corporation, which inadvertently created a security gap. This flaw allowed hackers to access phone numbers associated with CRA and ESDC accounts, as well as email addresses linked to CBSA accounts.
The government said in a statement: “The (malicious) actor sent spam text messages containing a link to a fraudulent phishing website designed to look like a Government of Canada website to some of these phone numbers.”
Phishing scam used to target Canadian government account users
The breach, categorized as a “non-material privacy incident,” did not involve sensitive personal data. However, the stolen information was used to send phishing messages, potentially leading to unauthorized access to government services if victims fell for the scam.
2Keys Corporation quickly addressed the vulnerability and restored the multi-factor authentication service. Despite the breach being limited to phone numbers and email addresses, the potential for phishing scams remains a concern.
The government advises users to be cautious of unexpected messages claiming to be from official sources. It also encourages users to use unique passwords, set up alerts for suspicious activity, and report spam messages.
For more information, affected individuals can contact the Treasury Board of Canada Secretariat at 613-369-9400 or toll-free at 1-855-827-9728. Email inquiries can be sent to [email protected].
Are you affected by this Canadian government data breach? Let us know in the comments.
Don’t Miss Out!
Check out our list of Class Action Lawsuits and Class Action Settlements you may qualify to join!
Read About More Class Action Lawsuits & Class Action Settlements:
