Security of your CRA account

The Government of Canada, like other government and private sector organizations, faces ongoing and persistent cyber threats. Recent “credential stuffing” cyber incidents used passwords and usernames from previous hacks in other organizations to access CRA accounts. We’re here to help those who have been affected by the recent cyber incidents. We are working to protect taxpayer information and prevent future cyber incidents.

If your account is compromised

If you believe your account is compromised, or you don’t know if you’ve been affected by recent cyber incidents, here is some information that can help you.

How to know

If you receive a letter from us

We are sending letters by registered mail to everyone affected by the recent cyber incidents. If you receive a letter notifying that your account has been compromised, follow the instructions in the letter.

If your account is disabled

If access to your online account(s) is disabled, contact us as soon as possible, whether you have received a registered letter from us about your account or not.

If you notice suspicious activity

Be sure to regularly monitor your online accounts for suspicious activity. This can include unsolicited changes to your banking, address or personal information, or benefit applications made on your behalf. Sign up for email notifications to monitor changes in your CRA accounts.

What this means for you

If your account was compromised during the recent cyber incidents, your online CRA account may have been accessed by an unauthorized individual. As a result:

How the CRA will notify you

We are sending letters by registered mail to people who have been affected by the recent cyber incidents. If you suspect your account may have been compromised, and have not received a letter or have recently moved, contact us as soon as possible.

The letter provides information on how to validate your identity to restore access to your account, and how we are helping those affected by these incidents. This includes access to free credit protection services.

How you can contact the CRA

If you suspect that your CRA account was compromised during the recent cyber incidents:

Call the CRA at:

1-800-959-8281

Select the option “report suspected fraud or identity theft” to prioritize your call to speak to a specialized agent as quickly as possible.

or

Request a call back:

If you cannot wait on the phone, you can ask the CRA to call you back. To set up a call back, go to Need assistance.

 

If you have concerns about a call or email you received about a payment:

Call the Canadian Anti-fraud Centre at:  1-888-495-8501

How to prevent future incidents

Learn more

Report a problem or mistake on this page
Please select all that apply:

Thank you for your help!

You will not receive a reply. For enquiries, contact us.

Date modified: