Crooks use Heartbleed exploit to steal 900 Canadian tax IDs
While it might not be the worst-case scenario, a security breach at the Canada Revenue Agency could be the worst known real-world exploit of the Heartbleed vulnerability since it went global last week. The CRA claims that almost 1,000 Social Insurance Numbers, as well as unspecified business data was removed from the CRA systems by hackers using the high-profile server vulnerability. Most significantly, the breach happened after the CRA (and the world) learned about Heartbleed. While the agency took swift action to start securing its own systems (which were affected by the bug), it looks like the opportunistic hackers beat them to it, and managed to bag the identifying data before being shut out. Further analysis by the government agency assures the public that there is no evidence of any similar breach either before or since this incident. The Canadian authorities will be applying additional security measures to the accounts that were compromised to hopefully prevent any misuse of the data. While this might be of little comfort to the 900 or so taxpayers who had their information pilfered, it highlights the importance for organizations, -- government or otherwise -- to not waste any time stemming the flow.