The Ottawa Citizen reports that 900 Canadian citizens' social insurance numbers were stolen from the Web site of the Canada Revenue Agency (CRA) after the site was compromised by the Heartbleed bug (h/t DataBreaches.net).
Despite the fact that the CRA removed public access to its online services on April 8, 2014 following the disclosure of the bug, the agency was notified by the Government of Canada's lead security agencies that 900 taxpayers' social insurance numbers were stolen over a six-hour period by someone exploiting the Heartbleed vulnerability.
"We are currently going through the painstaking process of analyzing other fragments of data, some that may relate to businesses, that were also removed," CRA commissioner Andrew Treusch said in a statement.
All those affected are being notified by registered mail, and are being offered free access to credit protection services.
"CRA online services are safe and secure," Treusch added. "The CRA responded aggressively to successfully protect our systems. We have augmented our monitoring and surveillance measures, so that the security of the CRA site continues to meet the highest standards."