The Canada Revenue Agency (CRA) decided to temporarily shut down the access to its online tax services due to an internet bug in the OpenSSL program known as the Heartbleed Bug, which can compromise the encryption of many websites, putting passwords and other sensitive information at risk.
Preventive measure in light of Heartbleed
In a statement on Wednesday, the CRA emphasize its first priority is to ensure the confidentiality of the information of taxpayers, and the temporary shutdown of its online services including EFILE, NETFILE, My Account, My Business Account, and Represent a Client is a preventive measure.
“We have received information concerning an Internet security vulnerability named the Heartbleed Bug. As a preventative measure, the CRA has temporarily shut down public access to our online services to safeguard the integrity of the information we hold,” said the the agency in a statement.
The CRA also assured Canadians taxpayers that it is “fully engaged” in resolving the issue and restoring its online services as soon as possible in a way that ensures their private information remain safe and secure. The agency added that it is committed in investigating any potential impacts of the Heartbleed bug to the information of taxpayers.
Furthermore, the CRA said, “Please note that consideration will also be given to taxpayers who are unable to comply with their filing requirements because of this service interruption.” The agency will provide daily updates on its website at 3 PM EST until the issue is resolved.
IRS aware of the Heartbleed bug
The Internal Revenue Service (IRS) of the United Stated told CNBC that it is aware of the Heartbleed bug, and it is investigating its impact on its system. At present, the agency has not observed any effect and will continue to monitor its system.
Heartbleed bug’s consequence is scary
Kevin Bocek, vice president of security strategy and threat intelligence at Venafi, a cybersecurity company in Salt Lake City said the Heartbleed bug is a vulnerability found in the OpenSSL, a technology used to provide protection for approximately 66% of all servers on the public internet, and it is an open source code maintained by a community of developers.
“The scope of this is immense. And the consequences are still scary. I’ve talked about this like a ‘Mad Max’ moment. It’s a bit of anarchy right now. Because we don’t know right now who has the keys and certificates on the Internet right now,” said Bocek.
Neel Mehta, a security researcher at Google Inc (NASDAQ:GOOG) (NASDAQ:GOOGL) and a team of security engineers at Codenomicom, a security website discovered the Heartbleed bug separately last week.