CRA update regarding the Heartbleed Bug – Online services restored
The Canada Revenue Agency (CRA) is pleased to report that all of its online systems have been restored to full service as of April 13, 2014. Individuals, businesses and representatives are now able to file returns, make payments, and access all other e-services available through the CRA's website, including all our secure portals.
On April 7, the CRA was informed of an Internet security vulnerability named the Heartbleed Bug that had the potential to affect technology systems around the world. This represented a serious challenge for CRA, which has worked around the clock with Shared Services Canada to apply a "patch" or solution that addresses this vulnerability. Its effectiveness has been rigorously and successfully tested on CRA systems, resulting in restoration of our e-services.
"Our systems are back online. We apologise for the delay and the inconvenience it has caused to Canadians. That said, the delay was necessary. We could not allow these systems back online until we were fully confident they were safe and secure for Canadian taxpayers," said CRA Commissioner Andrew Treusch.
"I would like to reiterate that interest and penalties will not be applied to individual taxpayers filing their 2013 tax returns after April 30, 2014 for a period equal to the length of the service interruption. This means individual tax returns for 2013 filed by May 5 will not incur interest or penalties," said the Minister of Revenue, Kerry-Lynne D. Findlay.
"On behalf of the CRA, we are grateful for the collaboration of the public and our stakeholders, including our Community Volunteer Income Tax Program volunteers, the tax preparer community and the business community, for their cooperation and patience as we worked to resolve this service interruption."
Further information is available through Frequently Asked Questions on the CRA website. The Agency remains committed to maintaining the confidence of Canadians by taking all steps necessary to ensure the confidentiality of taxpayer information.
Daily updates at 3PM EST are available on Canada Revenue Agency's home page until the situation is resolved.
Statement from the Canada Revenue Agency
The Canada Revenue Agency (CRA) places first priority on ensuring the confidentiality of taxpayer information.
We have received information concerning an Internet security vulnerability named the Heartbleed Bug. As a preventative measure, the CRA has temporarily shut down public access to our online services to safeguard the integrity of the information we hold. Applications include online services like EFILE, NETFILE, My Account, My Business Account and Represent a Client.
The CRA recognizes that this problem may represent a significant inconvenience for individual Canadians, representatives and businesses that count on the CRA for online information and services. Please be assured that we are fully engaged in resolving this matter and restoring online services as soon as possible in a manner that ensures the private information of Canadians remains safe and secure.
Please note that consideration will also be given to taxpayers who are unable to comply with their filing requirements because of this service interruption.
We are committed to investigating any potential impacts to taxpayer information. We will provide further information and daily updates at 3PM EST on our home page until the situation is resolved.
The NETFILE transmission service will open on Monday, February 10, 2014. This service will be available 21 hours a day, 7 days a week, until January 16, 2015.
Starting in February, 2014 , newcomers to Canada can take advantage of our electronic filing options. The taxpayer must have a date of entry into Canada during the tax year they are filing for. In addition, they must have one of the following in order to file their return electronically:
Software developers whose products are certified for NETFILE are not representatives of the CRA. Canadian taxpayers are not obliged to submit personal information directly to the software developer when requesting software support. The CRA would like to remind you that email is not a secure method of communication. Sending personal information by email is especially a concern with the increased risk of identity theft.