Canada's tax agency today said it has temporarily cut off public access to its electronic filling services just three weeks before the tax deadline because of security concerns over the "Heartbleed bug."
Canada Revenue Agency spokeswoman Mylene Croteau said the agency is taking precautionary measures because of the threat known as "Heartbleed," an alarming global internet lapse in security that has exposed millions of passwords, credit card numbers and other sensitive bits of information to potential theft by computer hackers.
The breakdown revealed this week affects the encryption technology that is supposed to protect online accounts for emails, instant messaging and a wide range of electronic commerce. Security researchers who uncovered the threat are particularly worried about the breach because it went undetected for more than two years.
Also Read
Canada's tax agency said it is working to restore secure access as soon as possible. The agency said it recognises the problem may represent a significant inconvenience for Canadians and that consideration will be given to taxpayers who are unable to comply with their filing requirements because of the interruption.
This is a busy time of year for the tax agency, as people file returns electronically and track the progress of refunds online.
As of the end of March, the agency had received 6.7 million returns, with 84 per cent filed electronically.
"We're on top of this. We had our IT officials working throughout the night," Canada Revenue Minister Kerry-Lynne Findlay said.
Croteau said the agency will be posting an update later today.
"If the issue continues we'll keep posting updates at 3 PM every day," Croteau said.
Heartbleed creates an opening in SSL/TLS, an encryption technology marked by the small, closed padlock and "https:" on Web browsers to signify that traffic is secure. The flaw makes it possible to snoop on Internet traffic even if the padlock had been closed.
Interlopers could also grab the keys for deciphering encrypted data without the website owners knowing the theft had occurred, according to security researchers.
The problem affects only the variant of SSL/TLS known as OpenSSL, but that happens to be one of the most common on the Internet.