The Canadian Revenue Agency has announced that 900 Social Insurance Numbers (SINs) were stolen from their website as a result of the Heartbleed security bug. The agency noticed the breach in the early morning of April 14, and determined that the 900 numbers had been stolen during a six-hour time frame.
The Heartbleed bug has been described as the bug that “broke the internet,” compromising the security of almost two-thirds of the world’s websites. This bug is a flaw of OpenSSL, the software code that encrypts private information like banking passwords and other information — things that most consumers only provide when they see an “https” address or the “little lock” to the left of a web address.
Researchers discovered that usernames, passwords, IMs, emails, and business documents, and communications were obtainable when a site was weakened by Heartbleed. So powerful is this bug, in fact, that the United States’ National Security Agency (NSA) put Heartbleed in its “arsenal” of hacking tools to obtain passwords and data for hacking purposes.
Cleanup efforts by the Canadian Revenue Agency include registered letters to those affected (with the warning that phone calls and emails should be treated as fraudulent) and free-of-charge credit protection services. According to the agency, they are “currently going through the painstaking process of analyzing other fragments of data, some that may relate to businesses, that were also removed.”