Harvey Cashore, Daniel Leblanc report:
At the height of this year’s tax season, the Canada Revenue Agency discovered that hackers had obtained confidential data used by one of the country’s largest tax preparation firms, H&R Block Canada.
Imposters used the company’s confidential credentials to get unauthorized access into hundreds of Canadians’ personal CRA accounts, change direct deposit information, submit false returns and pocket more than $6 million in bogus refunds from the public purse, an investigation by CBC’s The Fifth Estate and Radio-Canada has found.
So you may wonder why didn’t H&R Block discover that customer accounts were being breached and why the victims weren’t notified. Here’s what CBC reports on that:
In a statement, H&R Block said there is no evidence the breach came from it.
The tax firm said a “comprehensive internal investigation” concluded none of its “data, systems, software and security” had been compromised. H&R Block said it is not aware that the Canadian taxpayers impacted by the breach were any of its own clients.
Read more at CBC News.
Did H&R customers fall for fake captchas that snarfed their personal information? Did they have their info stolen by infostealers? If so, that wouldn’t be H&R’s breach of its systems, but H&R is saying it may not even be its customers who were defrauded?
There’s a lot that needs to be determined and revealed about this whole situation.