Following a massive cybersecurity breach that affected thousands of Canadian CRA accounts, experts say that a behavioural shift in how the public approaches cybersecurity is important, but institutions need to take the lead.
<p class="canvas-atom canvas-text Mb(1.0em) Mb(0)–sm Mt(0.8em)–sm" type="text" content="The CBC first reported the series of cyberattacks that compromised the personal information of 11,200 accounts. The hackers targeted the Canada Revenue Agency and GCKey, an online portal through which Canadians are able to access employment insurance and other benefits. ” data-reactid=”24″>The CBC first reported the series of cyberattacks that compromised the personal information of 11,200 accounts. The hackers targeted the Canada Revenue Agency and GCKey, an online portal through which Canadians are able to access employment insurance and other benefits.
The hackers obtained information through “credential stuffing,” a type of attack where attackers obtain username and passwords that have been used on other websites, acting chief information officer for the Treasury Board of Canada Secretariat, Marc Brouillard, said during a press conference.
Annette Butikofer, chief information officer at the CRA, said the agency was impacted on three separate occasions. She added that the hacked accounts have temporarily been revoked and individuals affected will get a letter from the CRA that will tell them how they can regain access to their accounts.
<h2 class="canvas-atom canvas-text Mb(1.0em) Mb(0)–sm Mt(0.8em)–sm" type="text" content="Onus is on organizations: Cavoukian” data-reactid=”27″>Onus is on organizations: Cavoukian
Ann Cavoukian, former information and privacy commissioner of Ontario, said that the CRA should have been more responsible for ensuring their systems are up to date so attacks like this didn’t happen.
“You can’t put this on the individuals by saying they have crummy passwords,” she said. “To expect individuals to regularly change their passwords and make it difficult, that’s just not going to happen. I think the CRA has to devise stronger systems.”
One way to do this would be implementing end-to-end encryption, a type of secure communication that would prevent third-parties from being able to access data.
“If systems are not encrypted, hackers are going to jump all over it,” Cavoukian said. “Why the heck doesn’t the CRA elevate the level of security and protection by encrypting the data to make it much more difficult [for hackers]?”
Shared Services Canada said in an email that GCKey is an end-to-end encrypted service, and that the service itself was not compromised.
In the press conference, Brouillard said that systems did not include two-factor authentication because the system has to include security measures that are accessible by all Canadians.
“We are constantly evaluating our security posture and addressing issues, adding mitigations. This is an ongoing challenge,” he said. “Two factor- authentication systems would have prevented this, [as well as technology] where you are required to have a key or device. But that is something that is challenging, not everyone can have those things. We also have to worry about making our systems accessible and easy to use.”
Brouillard noted that the government is looking into different technologies “where multi-factor is available” and they are encouraging Canadians to adopt the practice.
<p class="canvas-atom canvas-text Mb(1.0em) Mb(0)–sm Mt(0.8em)–sm" type="text" content="Sumit Bhatia, director of communications and knowledge mobilization with Ryerson’s Cybersecure Catalyst told Yahoo Finance Canada that the lack of clarity on what cybersecurity protocols the CRA uses is concerning. ” data-reactid=”36″>Sumit Bhatia, director of communications and knowledge mobilization with Ryerson’s Cybersecure Catalyst told Yahoo Finance Canada that the lack of clarity on what cybersecurity protocols the CRA uses is concerning.
“I’m assuming that like any other company when a breach takes place, there’s some sort of an audit that happens. And then there’s some consideration placed on how they would share what their cybersecurity best practices are,” he said.
“We don’t have two-factor authentication and that just leads to believe that there’s still work to be done on their side with regards to how they manage security.”
Bhatia says that changing technology in a government system takes time, and that one change could impact an entire system dramatically.
“These organizations are using legacy systems and they have to plan out a roll out in a way where one piece does not have a major impact on others,” he said.
“Attacks like this are also an indication that people need to be made aware of their role and responsibility in dealing with public systems and that’s where evolution becomes a priority.”
Bhatia also added that while the CRA needs to implement stronger technology, in the long term Canadians need better cybersecurity education that starts at the grade school level.
“We are talking about a cultural shift and by that, I mean about living in an era where security can’t be an afterthought like it was a few years ago,” he said.
“We are teaching six-year-old kids to learn how to code, how are we not making sure that every time they are taught about technology, or how to use a phone, laptop, or iPad, but we are not starting the discussion about security?”
The RCMP has confirmed it will be investigating the attacks but has not released any information in terms of who is responsible.
<p class="canvas-atom canvas-text Mb(1.0em) Mb(0)–sm Mt(0.8em)–sm" type="text" content="Download the Yahoo Finance app, available for Apple and Android and sign up for the Yahoo Finance Canada Weekly Brief.” data-reactid=”50″>Download the Yahoo Finance app, available for Apple and Android and sign up for the Yahoo Finance Canada Weekly Brief.
TORONTO – Roots Corp. may have built its brand on all things comfy and cosy, but its CEO says activewear is now “really becoming a core part” of the brand.
The category, which at Roots spans leggings, tracksuits, sports bras and bike shorts, has seen such sustained double-digit growth that Meghan Roach plans to make it a key part of the business’ future.
“It’s an area … you will see us continue to expand upon,” she told analysts on a Friday call.
The Toronto-based retailer’s push into activewear has taken shape over many years and included several turns as the official designer and supplier of Team Canada’s Olympic uniform.
But consumers have had plenty of choice when it comes to workout gear and other apparel suited to their sporting needs. On top of the slew of athletic brands like Nike and Adidas, shoppers have also gravitated toward Lululemon Athletica Inc., Alo and Vuori, ramping up competition in the activewear category.
Roach feels Roots’ toehold in the category stems from the fit, feel and following its merchandise has cultivated.
“Our product really resonates with (shoppers) because you can wear it through multiple different use cases and occasions,” she said.
“We’ve been seeing customers come back again and again for some of these core products in our activewear collection.”
Her remarks came the same day as Roots revealed it lost $5.2 million in its latest quarter compared with a loss of $5.3 million in the same quarter last year.
The company said the second-quarter loss amounted to 13 cents per diluted share for the quarter ended Aug. 3, the same as a year earlier.
In presenting the results, Roach reminded analysts that the first half of the year is usually “seasonally small,” representing just 30 per cent of the company’s annual sales.
Sales for the second quarter totalled $47.7 million, down from $49.4 million in the same quarter last year.
The move lower came as direct-to-consumer sales amounted to $36.4 million, down from $37.1 million a year earlier, as comparable sales edged down 0.2 per cent.
The numbers reflect the fact that Roots continued to grapple with inventory challenges in the company’s Cooper fleece line that first cropped up in its previous quarter.
Roots recently began to use artificial intelligence to assist with daily inventory replenishments and said more tools helping with allocation will go live in the next quarter.
Beyond that time period, the company intends to keep exploring AI and renovate more of its stores.
It will also re-evaluate its design ranks.
Roots announced Friday that chief product officer Karuna Scheinfeld has stepped down.
Rather than fill the role, the company plans to hire senior level design talent with international experience in the outdoor and activewear sectors who will take on tasks previously done by the chief product officer.
This report by The Canadian Press was first published Sept. 13, 2024.
VANCOUVER – Mediated talks between the union representing HandyDART workers in Metro Vancouver and its employer, Transdev, are set to resume today as a strike that has stopped most services drags into a second week.
No timeline has been set for the length of the negotiations, but Joe McCann, president of the Amalgamated Transit Union Local 1724, says they are willing to stay there as long as it takes, even if talks drag on all night.
About 600 employees of the door-to-door transit service for people unable to navigate the conventional transit system have been on strike since last Tuesday, pausing service for all but essential medical trips.
Hundreds of drivers rallied outside TransLink’s head office earlier this week, calling for the transportation provider to intervene in the dispute with Transdev, which was contracted to oversee HandyDART service.
Transdev said earlier this week that it will provide a reply to the union’s latest proposal on Thursday.
A statement from the company said it “strongly believes” that their employees deserve fair wages, and that a fair contract “must balance the needs of their employees, clients and taxpayers.”
This report by The Canadian Press was first published Sept. 12, 2024.
MONTREAL – Travel company Transat AT Inc. reported a loss in its latest quarter compared with a profit a year earlier as its revenue edged lower.
The parent company of Air Transat says it lost $39.9 million or $1.03 per diluted share in its quarter ended July 31.
The result compared with a profit of $57.3 million or $1.49 per diluted share a year earlier.
Revenue in what was the company’s third quarter totalled $736.2 million, down from $746.3 million in the same quarter last year.
On an adjusted basis, Transat says it lost $1.10 per share in its latest quarter compared with an adjusted profit of $1.10 per share a year earlier.
Transat chief executive Annick Guérard says demand for leisure travel remains healthy, as evidenced by higher traffic, but consumers are increasingly price conscious given the current economic uncertainty.
This report by The Canadian Press was first published Sept. 12, 2024.
