
Canadian Revenue Agency Hack: Loss of PII Could Have Been Prevented

The Canada Revenue Agency (CRA), which manages tax and benefit payments for Canadian citizens, was hacked over the weekend. The attack was carried out easily enough, using existing individual usernames and passwords: the hackers simply logged in through the user account home page on the CRA website.

Governments everywhere need to have the most advanced data security products available, not just for the obvious sake of national security, but because the personally identifiable information (PII) of all their citizens is in their databases: home and work addresses, family members, tax and income data, employment history, bank records, healthcare files, education, legal and criminal files, driving records, benefit payments, military service, surveillance data, etc. Almost everything citizens do digitally is collected by government at some point in the transaction process.

In this example with the CRA, the PII data theft would have been impossible if the CRA and its website users were utilizing the Helix22 SDK. Helix22 protects data even in the case of a straightforward break-in like this attack, where authentication was supposedly legitimate. Helix22 delivers this level of data protection through the protocol we are pioneering, which is genuine User2User (U2U) encryption.

With U2U encryption, Helix22 will only open data on identified and protected devices. Any government data that is modified, forwarded, copied or saved therefore cannot be exfiltrated unless it is on the identified user's device. In this particular attack, any data that was accessed would not have been usable.

As global governments urge citizens to use more services online, and the Covid-19 circumstances accelerate the transition, governments everywhere need to be at their best, even if they think the log-in is legitimate. The issue with just a username and password is that it puts the onus on the citizen to keep this information private and relies on them to implement good security procedures, such as different usernames, password managers and 2FA. Unfortunately, this is beyond most people’s ability and way beyond their convenience threshold. The onus therefore has to rest with government.

Moving forward, governments have to take 100% responsibility for personal and private information with a 100% data security solution.

Helix22 – Zero Risk