News release

Privacy Commissioner launches investigation into data breaches at Canada Revenue Agency

October 29, 2024 – Gatineau, Quebec

Privacy Commissioner of Canada Philippe Dufresne has launched an investigation into the Canada Revenue Agency (CRA) related to cyberattacks that led to more than 30,000 privacy breaches dating back to 2020.

The CRA reported the breaches to the Office of the Privacy Commissioner of Canada (OPC) in May 2024 and the OPC has been engaging with the tax agency since that time to find out more about the situation in order to determine next steps.

The investigation was launched following the receipt of a complaint. It will examine whether the CRA met its obligations under the Privacy Act, the federal public sector privacy law. Federal institutions are required to report breaches in accordance with Treasury Board Secretariat directives.

Individuals can take steps to protect themselves by checking their CRA accounts for suspicious activity and by changing their account passwords. If they have concerns, they should follow up with the CRA.

As the matter involves an active investigation, no additional details are available at this time.

Media contact

Office of the Privacy Commissioner of Canada
communications@priv.gc.ca