Security of your CRA My Account and My Business Account

If your CRA user ID and password have been revoked

Some taxpayers may have received a notification that their CRA user ID and password have been revoked. Visit CRA user ID and password have been revoked for more information.

Protect your My Business Account

Monitor your My Business Account for any suspicious activity, which can include unsolicited changes to banking, mailing address, unauthorized appointment or changes of representatives or benefit applications made on your behalf.

Business owners who suspect their account has been compromised can report it to the CRA or call to talk to an agent on our Business Enquiries line at 1-800-959-5525 (between 9:00 a.m. and 6:00 p.m. local time, Monday to Friday), 1-866-841-1876 for Yukon, Northwest Territories and Nunavut or if they are outside of Canada and the U.S., at 613-940-8497 (between 9:00 a.m. to 6:00 p.m., Monday to Friday, EST).

The Government of Canada, like other government and private sector organizations, faces ongoing and persistent security threats to its online services. Over the past few years, the Canada Revenue Agency (CRA) has noticed an increase in activity by unauthorized third parties attempting to gain access to taxpayers’ CRA accounts.

If you are concerned about or suspect unauthorized access to your CRA account, we are here to help. We are continually working to protect taxpayer information and to prevent online security incidents.

On this page

If your account is compromised

If you believe your My Account, My Business Account or Represent a Client account(s) have been compromised, please see the information below.

Receiving a letter from us

We are sending letters by registered mail to individuals and businesses affected by incidents of suspected unauthorized access. If you receive a letter notifying you that your account has been compromised, follow the instructions in the letter.

Reporting suspicious activity on your CRA online account

If you notice changes to your CRA account information that you did not request, or if you think information has been compromised, report it to the CRA. This can include communication from the CRA regarding changes to your account that you did not authorize. You can report suspected unauthorized access using one of the following options:

Option 1

Use the online Web form

Secure Web form

Option 2

Call the CRA

Automated phone system:  
1-800-265-2577 (in Canada)
1-613-221-3176 (outside Canada)

Live call with an agent:
1-833-995-2336 (Individual accounts)
1-800-959-5525 (Business accounts)
1-800-959-8281 (Trust accounts)

Teletypewriter (TTY): 

What this means for you

If your account information has been compromised, your online CRA account(s) may have been accessed by an unauthorized individual. As a result, the CRA will take the following actions.

If you are an individual, we will:

If you are a business, we:

How the CRA will contact you

As soon as the CRA becomes aware of an alleged incident of identity theft or suspects an account could be the target of a bad actor, we take swift and immediate precautionary measures.

Incidents of suspected unauthorized access

We send letters by mail to individuals and businesses who have been affected by unauthorized access.

The letter provides information on how to validate your identity to restore access to your account, and how we are helping those affected by these incidents. For individuals, this may include access to free credit protection services.

Suspected identity theft

In cases of suspected identify theft, we may call you or write you a letter asking for details about your file and request documents to validate your identity and personal information.

This could include a:

If you’re suspicious about a call or letter that you’ve received that is requesting information from you, here’s how to know it’s really the CRA.

How to prevent future incidents

Scam prevention and the CRA

To know what to expect when the CRA contacts you, what we may or will not ask for, as well as examples of recent CRA-related scams, visit Scam prevention and the CRA.

Please note that if you believe you have received a scam call by someone posing to be the CRA, our General Enquiries are here to help.

Individual Tax Enquiries can be reached at 1-800-959-8281.

Business Inquiries can be reached at 1-800-959-5525.

Page details

Date modified: