It turns out hackers have penetrated the security of the Canada Revenue Agency, exploiting the Heartbleed bug that has exposed two-thirds of all of the web's internet sites.
The Commissioner of the Canada Revenue Agency, Andrew Treusch, says the Social Insurance Numbers of about 900 taxpayers were removed from the CRA systems.
Experts are now analyzing other fragments of data including some that "may relate to businesses, that were also removed."
All of this occured over a span of 6 hours.
The website was taken down on April 8th. The Commissioner informed the federal Privacy Commissioner of the breach on April 11th, last Friday.
It is not clear why it took until Monday morning to tell the public.
Commissioner Treusch says that starting Monday, the CRA is putting measures in place to support and protect those affected by the breach.
A news release from the CRA says there is a dedicated 1-800 number that has been set up to provide further information, including what steps you can take to protect the integrity of your SIN. However, the release does not include the phone number.
If you get e-mail or a phone call about the attack that claims to be from the CRA, ignore it; that is most likely a scam.
If you are affected, you'll receive a registered letter by regular mail.
Also, if your number has been stolen, the CRA will provide you with credit protection services at no cost to you.