Log In
Register
Home
Topic RSS
Facebook
Twitter
Email this6:47 am
June 10, 2020
Offline
I didn't see mention of this in other threads. Sorry if my search capabilities are off.
Anyway, I'm sure you've heard about this: https://www.cbc.ca/news/technology/cra-accounts-locked-1.5916607.
Long story short, has anyone received "information in the mail" yet to get their accounts unlocked?
Longer story: February 11, I couldn't get into my CRA account due to "Error 021." I phoned CRA (1-800-959-8281). On hold for 2.5 hours, and spoke to two CSRs, who said everything looked fine, but they couldn't do anything. Someone would have to call me. I would get a call within three business days.
While waiting, on February 16, I got an email from CRA that my email "address has been removed from [my] Canada Revenue Agency account." No call, to date, from CRA.
The article at the CBC says that people locked out of their accounts will receive information by mail to access their accounts.
Has anyone received anything in the mail yet? Or alternatively, does anyone know how long it will take to get something in the mail?
Sorry if this has been discussed somewhere else. I couldn't find it, if so.
11:29 am
May 27, 2016
Offline
There was a flurry of discussion about it over here when it happened --
I wasn't affected personally but one of my children was. Same deal as you, i.e. after getting the weird email they called in to CRA and were told out that their email addy was deleted so that it couldn't be used as an avenue for a continued attack.
Haven't heard or seen anything from CRA since, but in their defence: (a) this only happened a couple weeks ago, (b) it reportedly impacts over 100,000 accounts, (c) the pandemic that affects CRA employee efficiency is still on, and (d) CRA is in the middle of their busiest time of year.
Drumming up 100,000+ customized notices to people about how to regain access to those 100,000 accounts has now been piled on top. That explanation might not give you much comfort but it's understandable
6:05 am
June 10, 2020
Offline
Thanks, London. I've looked at the other thread.... I had no idea that best practices online meant having unique User ID everywhere.... I have unique passwords for everything, but not a unique login name / User ID.
8:45 pm
April 6, 2013
Offline
One doesn't need to have unique user ID's everywhere. It is the unique passwords that matter.
Using the same password everywhere allows someone to compromise any one of the sites or accounts to obtain access to the remaining sites or accounts.
Using the same password also multiplies the attempts available to someone trying to guess the password. Once guessed, the fraudster is then able to supply the correct password on the first try to the accounts. That's what happened in OBSI case Using Easily Guessable Passwords.
7:14 am
October 27, 2013
Offline
Agreed. User ID is not the important piece here. Unique and complex passwords are.
As a further point, most 'accounts' (not financial institutions) insist on using email addresses as the User ID. That is not an issue BUT one should consider using a global email address for these accounts, e.g. Gmail, Outlook, iCloud, Yahoo, instead of one's own ISP email address system. That is because if one was to change their ISP from Bell or Shaw or Telus to another ISP, one will lose their existing ISP based email address. Most 'accounts' do not allow for changes in User ID and thus one is hooped.
I have 4 separate email addresses, one of which is my ISP that I don't use, and the other three are from global providers.
Please write your comments in the forum.