Security of your CRA My Account and My Business Account

Revoked CRA user ID and password

Some taxpayers may have received notification that their CRA user ID and password have been revoked when attempting to log in to their CRA account. Visit CRA user ID and password have been revoked for more information.

Impacted individuals can continue to file their income tax return online using NETFILE certified software, and can apply for emergency benefits once a different login method is used, or a new CRA user ID and password is established. If you are unable to use this online option, please call the CRA.

Protect your business account by monitoring your My Business Account for any suspicious activity, which can include unsolicited changes to banking, mailing address, unauthorized appointment or changes of representatives or benefit applications made on your behalf. Visit Security of your CRA account for tips on securing your account.

Business owners who suspect their account has been compromised can call the CRA to talk to an agent on our Business Enquiries line at 1-800-959-5525 (between 9:00 a.m. and 6:00 p.m. local time, Monday to Friday), 1-866-841-1876 for Yukon, Northwest Territories and Nunavut or if they are outside of Canada and the U.S., at 613-940-8497 (between 9:00 a.m. to 6:00 p.m., Monday to Friday, EST). For information on protecting yourself against identity theft and fraud, go to

The Government of Canada, like other government and private sector organizations, faces ongoing and persistent security threats. Over the past few years, the Canada Revenue Agency (CRA) has noticed an increase in activity by unauthorized third parties attempting to gain access to taxpayers’ CRA accounts.

If you have been affected by a security incident, we’re here to help. We are continually working to protect taxpayer information and to prevent future security incidents.

If your account is compromised

If you believe your My Account, My Business Account or Represent a Client account has been compromised, here is some information that can help you.

If you receive a letter from us

We are sending letters by registered mail to individuals and businesses affected by security incidents. If you receive a letter notifying you that your account has been compromised, follow the instructions in the letter.

If you notice suspicious activity

Be sure to regularly monitor your online accounts for suspicious activity. This can include unsolicited changes to your banking, address, business or personal information, or benefit applications made on your behalf. Sign up for email notifications to monitor changes in your CRA accounts.

What this means for you

If your account has been compromised, your online CRA account(s) may have been accessed by an unauthorized individual. As a result, the CRA will take the following actions.

If you are an individual, we will:

If you are a business, we:

How the CRA will notify you

We are sending letters by mail to individuals and businesses who have been affected by a security incident. If you suspect your account may have been compromised, and have not received a letter or have recently moved, contact us.

The letter provides information on how to validate your identity to restore access to your account, and how we are helping those affected by these incidents. This includes access to free credit protection services.

How you can contact the CRA

If you suspect that your CRA account was compromised:


Call the CRA at: 1-800-959-8281

Select the option “report suspected fraud or identity theft” to prioritize your call to speak to a specialized agent as quickly as possible.


Call the CRA Business Enquiries line at: 1-800-959-5525

If you have concerns about a call or email you received about a payment:

Call the Canadian Anti-Fraud Centre at: 1-888-495-8501

How to prevent future incidents

Learn more

Report a problem or mistake on this page
Please select all that apply:

Thank you for your help!

You will not receive a reply. For enquiries, contact us.

Date modified: