CRA lockout of accounts | General financial discussion | Discussion forum

Please consider registering
guest

sp_LogInOut Log In sp_Registration Register

Register | Lost password?
Advanced Search

— Forum Scope —




— Match —





— Forum Options —





Minimum search word length is 3 characters - maximum search word length is 84 characters

sp_Feed Topic RSS sp_TopicIcon
CRA lockout of accounts
February 27, 2021
6:47 am
Laertes
Member
Members
Forum Posts: 50
Member Since:
June 10, 2020
sp_UserOfflineSmall Offline

I didn't see mention of this in other threads. Sorry if my search capabilities are off.

Anyway, I'm sure you've heard about this: https://www.cbc.ca/news/technology/cra-accounts-locked-1.5916607.

Long story short, has anyone received "information in the mail" yet to get their accounts unlocked?

Longer story: February 11, I couldn't get into my CRA account due to "Error 021." I phoned CRA (1-800-959-8281). On hold for 2.5 hours, and spoke to two CSRs, who said everything looked fine, but they couldn't do anything. Someone would have to call me. I would get a call within three business days.

While waiting, on February 16, I got an email from CRA that my email "address has been removed from [my] Canada Revenue Agency account." No call, to date, from CRA.

The article at the CBC says that people locked out of their accounts will receive information by mail to access their accounts.

Has anyone received anything in the mail yet? Or alternatively, does anyone know how long it will take to get something in the mail?

Sorry if this has been discussed somewhere else. I couldn't find it, if so.

March 1, 2021
11:29 am
Londonguy
Member
Members
Forum Posts: 535
Member Since:
May 27, 2016
sp_UserOfflineSmall Offline

There was a flurry of discussion about it over here when it happened --

https://www.highinterestsavings.ca/forum/income-tax-filing/software-that-lets-you-print-and-mail-your-return/page-2/

I wasn't affected personally but one of my children was. Same deal as you, i.e. after getting the weird email they called in to CRA and were told out that their email addy was deleted so that it couldn't be used as an avenue for a continued attack.

Haven't heard or seen anything from CRA since, but in their defence: (a) this only happened a couple weeks ago, (b) it reportedly impacts over 100,000 accounts, (c) the pandemic that affects CRA employee efficiency is still on, and (d) CRA is in the middle of their busiest time of year.

Drumming up 100,000+ customized notices to people about how to regain access to those 100,000 accounts has now been piled on top. That explanation might not give you much comfort but it's understandable

March 5, 2021
6:05 am
Laertes
Member
Members
Forum Posts: 50
Member Since:
June 10, 2020
sp_UserOfflineSmall Offline

Thanks, London. I've looked at the other thread.... I had no idea that best practices online meant having unique User ID everywhere.... I have unique passwords for everything, but not a unique login name / User ID.

March 6, 2021
8:45 pm
Norman1
Member
Members
Forum Posts: 7205
Member Since:
April 6, 2013
sp_UserOfflineSmall Offline

One doesn't need to have unique user ID's everywhere. It is the unique passwords that matter.

Using the same password everywhere allows someone to compromise any one of the sites or accounts to obtain access to the remaining sites or accounts.

Using the same password also multiplies the attempts available to someone trying to guess the password. Once guessed, the fraudster is then able to supply the correct password on the first try to the accounts. That's what happened in OBSI case Using Easily Guessable Passwords.

March 7, 2021
7:14 am
AltaRed
BC Interior
Member
Members
Forum Posts: 3145
Member Since:
October 27, 2013
sp_UserOfflineSmall Offline

Agreed. User ID is not the important piece here. Unique and complex passwords are.

As a further point, most 'accounts' (not financial institutions) insist on using email addresses as the User ID. That is not an issue BUT one should consider using a global email address for these accounts, e.g. Gmail, Outlook, iCloud, Yahoo, instead of one's own ISP email address system. That is because if one was to change their ISP from Bell or Shaw or Telus to another ISP, one will lose their existing ISP based email address. Most 'accounts' do not allow for changes in User ID and thus one is hooped.

I have 4 separate email addresses, one of which is my ISP that I don't use, and the other three are from global providers.

Please write your comments in the forum.