"Internet vulnerability" behind weekend's CRA website shutdown

"Internet vulnerability" behind weekend's CRA website shutdown

Describing it as an "internet vulnerability" that was discovered during website maintenance, the CRA went offline Friday and services were restored Sunday afternoon.

The notice says people can still complete their forms, but will have to wait to file.

Sunday afternoon around 5 p.m. EDT, all of CRA's digital services were returned to service.

Treasury Board officials will provide details today about an online "vulnerability" that forced the shutdown of a number of federal services over the weekend, including electronic tax filing at the Canada Revenue Agency.

CRA couldn't immediately comment on the seriousness of the threat or whether this was the first time its services had been taken off line due to security concerns.

CRA said suspending the online services was a precaution, not the result of a successful hack or breach, and that maintenance security patches would ensure all information would remain safe. Canadians should not expect a delay in getting their refund.

The CRA's servers are on Shared Services Canada IP addresses, and according to Netcraft were running Apache 2.2.31 on *nix when last scanned on March 7, behind an F5 Big-IP for protection.

The services include ones such as "My Account", "My Business Account", "Netfile", "EFILE" and "Auto-Fill My Return".

Samson also said previously filed tax returns were still being looked at during the disruption.

Related news