Edited by: Top Class Actions  |  October 7, 2025

Category: Data Breach
echnology background with national flag of Canada.
(Photo Credit: HTGanzo/Shutterstock)

Canadian government data breach overview:

  • Who: More than 880,000 Canadians’ phone numbers and 85,000 email addresses linked to government accounts have been compromised.
  • Why: A vulnerability in the multi-factor authentication provider’s software allowed hackers to access personal contact information.
  • Where: The breach impacts users in Canada.

More than 880,000 Canadians have been affected by a Canadian Government data breach that compromised phone numbers and email addresses linked to federal government accounts. 

The breach was disclosed Sept. 9, 2025, by the Government of Canadaโ€™s Chief Information Officer.

The hack occurred due to a vulnerability in the software of a third-party multi-factor authentication provider used by the Canada Revenue Agency, Service Canada, and the Canada Border Services Agency.

The incident was traced back to a routine software update by 2Keys Corporation, which inadvertently created a security gap. This flaw allowed hackers to access phone numbers associated with CRA and ESDC accounts, as well as email addresses linked to CBSA accounts. 

The government said in a statement: “The (malicious) actor sent spam text messages containing a link to a fraudulent phishing website designed to look like a Government of Canada website to some of these phone numbers.”

Phishing scam used to target Canadian government account users

The breach, categorized as a “non-material privacy incident,” did not involve sensitive personal data. However, the stolen information was used to send phishing messages, potentially leading to unauthorized access to government services if victims fell for the scam.

2Keys Corporation quickly addressed the vulnerability and restored the multi-factor authentication service. Despite the breach being limited to phone numbers and email addresses, the potential for phishing scams remains a concern. 

The government advises users to be cautious of unexpected messages claiming to be from official sources. It also encourages users to use unique passwords, set up alerts for suspicious activity, and report spam messages.

For more information, affected individuals can contact the Treasury Board of Canada Secretariat at 613-369-9400 or toll-free at 1-855-827-9728. Email inquiries can be sent to [email protected].

Are you affected by this Canadian government data breach? Let us know in the comments.


Don’t Miss Out!

Check out our list of Class Action Lawsuits and Class Action Settlements you may qualify to join!


Read About More Class Action Lawsuits & Class Action Settlements:

We tell you about cash you can claim EVERY WEEK! Sign up for our free newsletter.

  • This field is for validation purposes and should be left unchanged.

Leave a Reply

Your email address will not be published. By submitting your comment and contact information, you agree to receive marketing emails from Top Class Actions regarding this and/or similar lawsuits or settlements, and/or to be contacted by an attorney or law firm to discuss the details of your potential case at no charge to you if you qualify. Required fields are marked *

Please note: Top Class Actions is not a settlement administrator or law firm. Top Class Actions is a legal news source that reports on class action lawsuits, class action settlements, drug injury lawsuits and product liability lawsuits. Top Class Actions does not process claims and we cannot advise you on the status of any class action settlement claim. You must contact the settlement administrator or your attorney for any updates regarding your claim status, claim form or questions about when payments are expected to be mailed out.