New 'terms of service' pretends to absolve Canadian tax agency of all hacking liability | Insider Feeds


Cutting corners: People expect security when trusting the government with their tax information. Recently, however, a security software developer has accused Canada’s government of dodging that responsibility with lackluster cybersecurity and suspicious terms of service alterations. The changes come after recent hacks impacted Canada’s tax agency.

The Canada Revenue Agency (CRA), which handles the country’s taxes, has new terms and conditions absolving it of any liability if its online services suffer a data breach. The change affects the entire country because all Canadian citizens and businesses must handle their taxes through the CRA, thus entrusting their personal information to the agency. Because it holds the personal information of virtually every Canadian taxpayer, the CRA could be an extremely attractive target for identity thieves or other hackers.

The updated terms of service say the CRA isn’t responsible for the damages users suffer if someone hacks the agency’s My Account portal. The CRA claims it has done everything it could to prevent cyberattacks but cannot guarantee foolproof protection.

Such contracts might be acceptable if the agency had the best possible, or at least a very good, cybersecurity apparatus. Unfortunately, Tanya Janca, founder and CEO of security software developer We Hack Purple, claims the CRA neglects many basic security precautions.

Janca’s review of HTTP responses in the My Account portal’s login page suggests the site’s cookies lack any protection and that it doesn’t use all the recommended security headers. The ToS also forbids users from scraping the site’s code, but Janca doesn’t think that will stop anyone determined to penetrate the service.

The ToS changes could be in response to a rash of security-related incidents that have impacted the agency over the last few years.

During the summer of 2020, thousands of CRA accounts fell victim to credential stuffing attacks, in which hackers use email addresses, usernames, and passwords gained from prior breaches to steal other accounts that use the same credentials. In 2021, security concerns led the CRA to lock 800,000 taxpayers out of their accounts.

One victim filed a class action lawsuit against the government last August. The victim’s account was stolen, and their direct deposit information had been changed as part of a COVID-19 financial assistance scheme.

So far, the CRA hasn’t responded to Janca’s information requests. She plans to give a presentation on the issue at the Privacy & Access Council of Canada’s Privacy & Data Governance Congress on March 10.
