The Canada Revenue Agency locked roughly 800,000 accounts after a routine check found that the login information was available to “unauthorized individuals,” the federal tax agency said Friday.
Impacted users will be locked out of their accounts as a preventive measure until they create a new user ID and password, the CRA said in a statement.
The accounts were not compromised as a result of a cyberattack or breach of the agency’s online systems, the CRA said.
Instead, the login information may have been obtained by unauthorized third parties “through a variety of means by sources external to the CRA,” including email phishing schemes, the agency said.
The statement comes less than a month after the tax agency issued a similar warning that an unspecified number of user IDs and passwords had been locked as they may have been accessed by unauthorized individuals.