Canada Cyberattack Exposes Emails and Phone Numbers

A major cyberattack has been reported involving several federal government services in Canada, and it’s raising serious concerns about digital security. The Treasury Board of Canada Secretariat confirmed that email addresses and phone numbers tied to user accounts at the Canada Revenue Agency, Employment and Social Development Canada, and the Canada Border Services Agency were accessed by a malicious actor.

The breach was first discovered on August 17th, when 2Keys Corporation, the provider of the multi-factor authentication service used for these accounts, noticed suspicious activity. According to officials, a routine software update unintentionally created a vulnerability in the system. That weakness was exploited between August 3rd and August 15th, giving the attacker access to certain contact details.

What makes this particularly troubling is how the stolen information was used. Some of the compromised phone numbers received spam text messages. These messages included links to a fake website designed to look like an official Government of Canada page. In other words, people were being lured into a phishing scheme, where they might unknowingly hand over even more sensitive information.

Also Read:

• Shopify COO Kaz Nejatian to Depart After Six-Year Tenure
• India Crushes UAE in Asia Cup with Record-Breaking Win

The government has stressed that only emails and phone numbers were accessed. So far, there is no evidence that more personal or financial data, such as Social Insurance Numbers or banking information, was disclosed. The multi-factor authentication service has since been restored, and outside cybersecurity experts have been brought in to investigate the full scope of the attack.

This incident highlights how even trusted security tools can be vulnerable. 2Keys, which was acquired by Interac in 2019, has long provided authentication and digital identity services to the federal government, financial institutions, and police forces. The fact that a routine update caused such a flaw shows how delicate these systems can be and how quickly cybercriminals are able to exploit any opening.

Officials are reminding Canadians to remain cautious. Anyone receiving unexpected texts, emails, or calls claiming to be from government agencies should think twice before clicking links or sharing personal information. Cybersecurity experts say phishing remains one of the most common ways criminals trick people, and incidents like this reinforce the need for constant vigilance.

This is not an isolated case. Cybersecurity attacks, especially phishing and ransomware campaigns, have been on the rise across Canada in recent years. Nearly half of IT and security professionals in the country reported dealing with an attack in 2024 alone. Provincial organizations have been targeted as well, meaning no level of government or sector is completely safe.

For now, the message from Ottawa is clear: the situation is under control, the immediate vulnerability has been fixed, and Canadians should not panic. But this cyberattack serves as another reminder that digital security is never guaranteed—and that individuals, companies, and governments all share responsibility in staying one step ahead of online threats.

Read More:

• Patrick Dempsey Unveils the New 911 Turbo S with 701bhp
• Trump’s Alleged Epstein Letter Sparks Political Firestorm