Hackers have taken the Social Insurance Numbers of approximately 900 Canadians from Canada Revenue Agency computers, the tax agency says.
The attack on the government computers came while they were vulnerable to the Heartbleed bug, the CRA reported on Monday.
“The CRA is one of many organizations that was vulnerable to Heartbleed, despite our robust controls,” the agency said on Monday.
The RCMP is investigating, CRA commissioner Andrew Treusch said in a press release.
There also was no description of whose SIN numbers were erased.
“The Agency will not be calling or emailing individuals to inform them that they have been impacted – we want to ensure that our communications are secure and cannot be exploited by fraudsters through phishing schemes,” Treusch said in his statement.
The federal tax agency blocked public access to its online services for several days last week until it put in place measures to address the security risk, but says there was nonetheless a data breach over a six-hour period.
It says it is analyzing other fragments of data that have been removed from its systems, while putting measures in place to protect those affected by the breach.
The agency says everyone affected will receive a registered letter and free access to credit protection services.
The Heartbleed bug is caused by a flaw in OpenSSL software, which is commonly used on the Internet to provide security and privacy.
The bug is affecting many global IT systems in both private and public sector organizations and has the potential to expose private data.
With files from Canadian Press