Revenue Minister won’t comment after major security breach at tax collection agency

Political notebook: Social insurance numbers of 900 Canadians swiped from Canada Revenue Agency website

While Canadians look for answers on the major security breach at the Canada Revenue Agency, National Revenue Minister Kerry-Lynne Findlay refused to comment Monday on the matter and federal departments seemed to have their wires crossed somewhat on who’s responsible on some of the files.

The social insurance numbers of approximately 900 Canadians were stolen from the CRA’s website after its Internet software was compromised by the so-called Heartbleed computer bug, the agency announced Monday. Yet, the minister was not made available to comment or answer the growing number of questions Canadians have on the issue.

“As the breach is the result of a criminal attack and subject of an ongoing RCMP investigation, we can’t comment further at this time,” a spokesperson in Findlay’s office said Monday.

The Canada Revenue Agency also refused to say which federal security agency notified the CRA of the breach of taxpayer data.

The CRA had shut down its online tax-filing services Wednesday in response to security concerns about the Heartbleed bug. The agency announced Sunday that its online systems had been fully restored, including allowing Canadians to file their tax returns.

“It’s been a week now and the Conservatives have failed to provide Canadians with basic information, like what kind of data the hackers accessed, what their plan is to protect people who filed their taxes online, and how they will ensure that this does not happen again,” NDP revenue critic Murray Rankin said in a statement.

“This is not the first security breach with the CRA and this lack of transparency simply isn’t good enough.”

The federal government would not provide Monday a list of which department and agency websites or services were affected by the Heartbleed bug, other than to say that service had been restored to all publicly accessible Government of Canada websites.

The Ottawa Citizen inquired Monday with the Treasury Board Secretariat — which has been coordinating much of the federal response — as well as Shared Services Canada, the agency responsible for managing the federal government’s information technology infrastructure, for a list of the various department websites that were shut down or affected.

However, a spokesperson for Treasury Board president Tony Clement told the Citizen to check with Shared Services Canada for information on specific websites that may have been affected.

But an official from the office of Public Works Minister Diane Finley, who’s responsible for Shared Services Canada, said Treasury Board is the lead department on the file and to check back with them.

Employment and Social Development Canada (ESDC), which is responsible for Service Canada, said programs like Employment Insurance and Old Age Security have not been affected by the bug.

The department has flagged the SINs of all affected clients in the Social Insurance Register and ESDC says it will notify individuals if there are any concerns about changes made to information on their SIN records.