Article Lead Image

Heartbleed bug shuts down online tax filing in Canada

Paying taxes just got worse.


Fernando Alfonso III


Posted on Apr 9, 2014   Updated on May 31, 2021, 12:21 pm CDT

The Canadian government has suspended its online tax service due to the Heartbleed bug.

The cybersecurity flaw, which is being called one of the worst failures in Internet security history, forced the Canada Revenue Agency (CRA) to shut down its online tax collection Wednesday, as a preventative measure.

In a statement to Reuters, the CRA said it understood the “significant inconvenience” of its e-filing shutdown, and promised to bring it back online soon:

The CRA recognizes that this problem may represent a significant inconvenience for individual Canadians, representatives, and businesses that count on the CRA for online information and services. Please be assured that we are fully engaged in resolving this matter and restoring online services as soon as possible in a manner that ensures the private information of Canadians remains safe and secure.

In the U.S., the IRS says it is looking into the Heartbleed vulnerability but has not yet found its system to be compromised.

Heartbleed gripped the entire Internet this week, after security professionals at Codenomicon and Neel Mehta of Google Security rediscovered it Monday afternoon.

The Heartbleed bug allows attackers to access private information that should be tightly protected. That information includes usernames, passwords, instant messages, personal emails, and more.

Errata Security analyzed 28 million IP addresses and determined that 2.1 percent of them—615,134—remained vulnerable to attack.

The only way to protect yourself from the bug is to avoid sites that are vulnerable. For sites that have fixed the bug, changing your password is one of the ways to protect your information. 

Italian programmer Filippo Valsorda created a tool called the “Heartbleed Test” for Web administrators to see if their servers have been compromised. Web users can find out if the sites they visit are vulnerable using this website from LastPass.

Photo by Jamie In Bytown/Flickr (CC By 2.0)

Share this article
*First Published: Apr 9, 2014, 5:23 pm CDT