TORONTO —
When Leah Baverstock received an email on August 7 telling her that her application for the Canadian Emergency Response Benefit (CERB) had been approved, she was more than a little confused.
After all, she hadn’t applied to the program.
Baverstock is one of thousands of Canadians who had their accounts with the Canada Revenue Agency compromised this month after a “credential stuffing” scheme, in which hackers used previously obtained personal information, such as logins and passwords, to access users’ online accounts.
“It’s definitely scary times,” Baverstock told CTV News Channel. “I hadn’t applied for the CERB, so that was a bit of a shocker, so I ended up calling the CRA.
“The lady I spoke with said it was a one-off. She said, ‘I’m sorry that this happened to you,’ she proceeded to give me a list of people to call, to let them know it had happened. And then I heard about the other 5,000 or 9,000 people that this happened to, and I thought, ‘This is not a one-off.’”
Officials confirmed Monday that the 5,500 CRA accounts initially reported to have been breached were the tip of the iceberg: a total of 11,200 accounts for the Government of Canada services were compromised in the attack, including CRA accounts and “GCKey” accounts, which 30 government departments use.
Marc Brouillard, the acting chief technology officer for the Government of Canada, said Monday that “bad actors […] were also able to exploit a vulnerability in the configuration of security software solutions, which allowed them to bypass the CRA security questions and gain access to a user’s CRA account.”
Government officials have said that they first became aware of a security breach on Aug 7 — the same day Baverstock reports calling the CRA about her account — but didn’t contact the RCMP until Aug 11.
And Canadians were not informed of the breach until this past weekend, days after further attacks had been executed.
The CRA has defended its decision not to inform Canadians immediately, saying it needed time to inform people internally and try to regain access to breached accounts.
“I think about your social insurance number being your Canadian identification number, and I think if somebody has access to that, than they have access to basically anything,” Baverstock said.
“So I called the anti-fraud unit — they’re closed due to COVID. I called Service Canada, I let them know about what was happening with my social insurance number.”
She said she’d also been in contact with her bank and other accounts she has “to let them know it’s happened, to put some additional security in place if somebody does try to apply for credit in my name.
“But it concerns me because somebody could live under my name, under my social insurance number,” she pointed out. “Live as me.”
Experts in cyber security say that reusing your passwords and logins can make you vulnerable to these types of attacks, since one breach of one account could give a hacker the tools to login to numerous accounts as you.
But passwords aren’t the full picture of this breach.
Baverstock says she didn’t even have a password for her CRA account.
“Apparently you need a code to get in, so I applied for the code back in March and they said they would mail it to me,” she said. “I still haven’t received it, and I can’t even log into my CRA account, so it blows my mind that other people can.”
Baverstock is not impressed with the CRA’s response, saying she still has no idea what is happening with her account.
“When I spoke to the officer at CRA, she advised that a senior officer would call me within 24 hours, because my account has been completely locked down,” she said. “I can’t have any information.”
She said she still has not received a call back.
“It’s been over a week,” she said. “The CRA agent, she said that there are been multiple attempts to go into my account over the past little while, I guess they can see that in their system, so, I mean I’m thinking at that point they should’ve locked my account down right then and there and notified me.
TORONTO – Restaurant Brands International Inc. reported net income of US$357 million for its third quarter, down from US$364 million in the same quarter last year.
The company, which keeps its books in U.S. dollars, says its profit amounted to 79 cents US per diluted share for the quarter ended Sept. 30 compared with 79 cents US per diluted share a year earlier.
Revenue for the parent company of Tim Hortons, Burger King, Popeyes and Firehouse Subs, totalled US$2.29 billion, up from US$1.84 billion in the same quarter last year.
Consolidated comparable sales were up 0.3 per cent.
On an adjusted basis, Restaurant Brands says it earned 93 cents US per diluted share in its latest quarter, up from an adjusted profit of 90 cents US per diluted share a year earlier.
The average analyst estimate had been for a profit of 95 cents US per share, according to LSEG Data & Analytics.
This report by The Canadian Press was first published Nov. 5, 2024.
ST. JOHN’S, N.L. – Fortis Inc. reported a third-quarter profit of $420 million, up from $394 million in the same quarter last year.
The electric and gas utility says the profit amounted to 85 cents per share for the quarter ended Sept. 30, up from 81 cents per share a year earlier.
Fortis says the increase was driven by rate base growth across its utilities, and strong earnings in Arizona largely reflecting new customer rates at Tucson Electric Power.
Revenue in the quarter totalled $2.77 billion, up from $2.72 billion in the same quarter last year.
On an adjusted basis, Fortis says it earned 85 cents per share in its latest quarter, up from an adjusted profit of 84 cents per share in the third quarter of 2023.
The average analyst estimate had been for a profit of 82 cents per share, according to LSEG Data & Analytics.
This report by The Canadian Press was first published Nov. 5, 2024.
TORONTO – Thomson Reuters reported its third-quarter profit fell compared with a year ago as its revenue rose eight per cent.
The company, which keeps its books in U.S. dollars, says it earned US$301 million or 67 cents US per diluted share for the quarter ended Sept. 30. The result compared with a profit of US$367 million or 80 cents US per diluted share in the same quarter a year earlier.
Revenue for the quarter totalled US$1.72 billion, up from US$1.59 billion a year earlier.
In its outlook, Thomson Reuters says it now expects organic revenue growth of 7.0 per cent for its full year, up from earlier expectations for growth of 6.5 per cent.
On an adjusted basis, Thomson Reuters says it earned 80 cents US per share in its latest quarter, down from an adjusted profit of 82 cents US per share in the same quarter last year.
The average analyst estimate had been for a profit of 76 cents US per share, according to LSEG Data & Analytics.
This report by The Canadian Press was first published Nov. 5, 2024.
