BC Freedom of Information and Privacy Association
Your Data Your Rights
The federal government says individuals’ email addresses and phone numbers associated with Canada Revenue Agency, Employment and Social Development Canada and Canada Border Services Agency accounts were accessed in a cyberattack.
The Treasury Board of Canada Secretariat says the government was alerted to the cyber incident on Aug. 17 by 2Keys Corporation, the provider of a multi-factor authentication application used for the accounts.
The government says 2Keys Corporation discovered the incident, promptly informed the government and launched an investigation, which is being conducted with external cybersecurity experts.
Treasury Board says a routine software update caused a “vulnerability” that allowed a malicious actor to access phone numbers associated with CRA and ESDC accounts, and email addresses associated with CBSA accounts, linked to people who used the authentication service between Aug. 3 and Aug. 15.
The government says the actor sent spam text messages to some of the phone numbers with a link to a website designed to look like a Government of Canada website.
Treasury Board says the multi-factor authentication service has been restored and there’s no indication that any additional identifiable personal information or sensitive personal data was disclosed.
This report by The Canadian Press was first published Sept. 9, 2025.
You can support trusted and verified news content like this.
FIPA’s news monitor subscribers, donors and funders help make these available to everyone rather than behind a paywall. We appreciate every contribution because it makes a difference.
If you found this article interesting and useful, please consider contributing here.
