The Canada Revenue Agency paid out millions of dollars in false refunds to cyber scammers over multiple years, an investigation by CBC’s The Fifth Estate and Radio-Canada has revealed.
From 2020 through 2023, “imposters used [H&R Block Canada’s] confidential credentials to get unauthorized access into hundreds of Canadians’ personal CRA accounts, change direct deposit information, submit false returns and pocket more than $6 million in bogus refunds from the public purse,” wrote Harvey Cashore and Daniel Leblanc for CBC News.
The CRA contacted Revenue Minister Marie-Claude Bibeau, the CBC reports, but the public was never alerted to the incident and H&R denies the breach.
This cyber attack is “just one example of many that are overwhelming the CRA,” according to the CBC, citing “gaping flaws in the agency’s ability to detect fraud.” The CRA admitted to the CBC that it was hit with more than 31,000 privacy breaches from 2020 to 2023, impacting 62,000 individual Canadian taxpayers.
And it’s not just Canada’s tax agency that is paying a high toll for lack of sufficient cyber defences.
From London Drugs to Indigo, well-known Canadian brands continue to suffer from cyber assault.
Part of the problem is a marked lack of tech talent in the field. With roughly 25,000 empty positions to fill, Canada’s cybersecurity sector remains well shy of filling the void, and that’s an issue—especially considering cyber attacks have been on the rise globally in recent years.
The cost is tangible: IBM found that the average data breach costs a Canadian company more than $6 million, above the global average. There’s also a hit to a brand’s reputation whenever it fails to protect consumers’ private data as promised.
It’s not all bad, though. Many entities across Canada are doing what they can do combat the talent dearth.
In September, for example, the Government of British Columbia announced the continuation of a partnership with NPower Canada, Microsoft Canada, and CIBC to expand the Canadian Tech Talent Accelerator program, a collaboration enabled by Canada’s Global Innovation Cluster for digital technologies, DIGITAL. An investment of $4 million will prepare 1,800 job seekers across British Columbia for careers in the technology sector.
Another example is Check Point’s expansion of the SecureAcademy Program in Canada to provide students with cybersecurity skills. Operating across universities and colleges, including the British Columbia Institute of Technology, Willis College, and the University of Calgary, SecureAcademy delivers a curriculum that encompasses topics such as threat prevention, network security, cloud security, mobile security, and security management.
Other organizations helping to fuel the cybersecurity talent pipeline in Canada include BC-born Lighthouse Labs, which runs the Cybersecurity Bootcamp Program since 2021, as well as universities like uOttawa and international giants such as Google. There’s also the Catalyst Cyber Accelerator at Toronto Metropolitan University as well as CyberSci, which runs a series of regional cyber challenge events in major cities across Canada each year.
