Canada Revenue Agency Reports Over 42,000 Breaches Since 2020, Accepts Most Privacy Commissioner Recommendations
Privacy Commissioner Philippe Dufresne tabled a special report in Parliament detailing gaps in the agency's prevention, monitoring, detection and handling of unauthorized access to taxpayer information. The agency failed to implement mandatory multi-factor authentication in a timely manner and could not always explain how attackers bypassed security.
680news.comMore than 42,000 breaches have occurred at the Canada Revenue Agency since 2020, each involving unauthorized access to or modification of taxpayer information, according to a special report tabled in Parliament on Thursday. Privacy Commissioner Philippe Dufresne pointed to gaps in the agency's prevention, monitoring, detection and handling of breaches.
The report, posted online on May 07, 2026, found the Canada Revenue Agency could not provide details of every confirmed breach because of limitations in its tracking systems and the sheer volume of incidents.
The commissioner's office determined the agency did not implement mandatory multi-factor authentication in a timely manner. It also did not consistently rely on methods considered to be best practices for account security. The Canada Revenue Agency could not always adequately explain how attackers managed to bypass authentication processes.
Cbc reported that these shortcomings persisted even as the number of breaches climbed above 42,000. Dufresne made nine recommendations for improvement. The agency accepted eight in full and one in part.
The special report was tabled in Parliament by Privacy Commissioner Philippe Dufresne. Jim Bronskill authored the article for The Canadian Press that detailed the findings on the same day the document was posted online.
His office obtained the breach figures directly from the Canada Revenue Agency, which acknowledged shortfalls in its own systems while agreeing to most of the proposed changes. The breaches resulted from people gaining unauthorized access to or modifying taxpayer information.
Cbc reported the watchdog's conclusion that the agency's response fell short of standards expected for safeguarding millions of Canadian tax accounts.
Key Facts
Story Timeline
2 events- 2020-01-01
Start of period during which more than 42,000 breaches occurred at Canada Revenue Agency
1 sourceCbc - 2026-05-07
Special report posted online and tabled in Parliament by Privacy Commissioner Philippe Dufresne
2 sourcesCbc · The Canadian Press
Potential Impact
- 01
Canada Revenue Agency required to strengthen prevention, monitoring and detection systems
- 02
Taxpayer accounts exposed to identity theft and fraudulent claims
- 03
Partial acceptance of one recommendation may delay full implementation of all proposed safeguards
Transparency Panel
Related Stories
Al JazeeraTrump Meets Advisers to Decide on Iran Ceasefire Extension
President Trump said he is holding a Situation Room meeting to make a final decision on a possible deal with Iran. The proposed agreement would extend the ceasefire by 60 days and reopen the Strait of Hormuz.
France 24Russian Drone Strikes Romanian Apartment Building, Injuring Two
A Russian drone crashed into a residential building in eastern Romania during an overnight attack on Ukraine. Two people were injured and Romania requested faster NATO anti-drone support.
realitytea.comTrump Says U.S. Will Lift Iran Naval Blockade After Nuclear and Hormuz Pledges
President Trump stated the U.S. will end its naval blockade of Iran once Tehran commits to forgoing nuclear weapons and opens the Strait of Hormuz to unrestricted shipping. The announcement came via Truth Social and a live statement.