First Heartbleed Bug Victims Announced
The Heartbleed bug is serious but as far as the world knew, it was a victimless crime—until now.
According to the Canada Revenue Agency, about 900 taxpayers’ social insurance numbers were stolen from its systems. The Government of Canada informed the CRA of the breach and the Heartbleed bug was the confirmed cause.
According to the press release, the CRA is now conducting a more detailed analysis of various “fragments of data” to find any other instances. Nonetheless the CRA says it's confident that there was no other breach before or after the revelation of the bug.
The breach took place during a six-hour window likely explaining why only 900 records were grabbed.
Safety Versus Speed
The CRA’s press release has left it in hot water.
The agency said that it would be notifying all victims by registered mail rather than electronic means. According to the release it “will not be calling or e-mailing individuals to inform them that they have been impacted – we want to ensure that our communications are secure and cannot be exploited by fraudsters through phishing schemes.”
Critics are blasting the agency saying that the cyber thieves who took the information could exploit it while the victims are waiting for the notification to arrive.
More Victim Announcements Coming?
Is this single exploit going to be one of few reported in the coming weeks and months? Probably not, according to experts. It’s impossible to know who knew about the bug prior to its revelation about a week ago. Some companies still haven’t patched the bug or systems that were hacked in the time between the public announcement of the bug and the time the bug was patched.
Despite the potential enormity of the problem, consumers aren’t concerned. According to an interview with The Globe and Mail, accountant Cynthia Kett said,
“We haven’t heard from our clients at all,” She continued, “I think they have come to accept the fact that if their social insurance numbers and everything else is floating out there, that somehow, somewhere people are going to get it, if they really want to.”
Last week, the Heartbleed bug made news when it was revealed that it affected more than two-thirds of the Internet and left nearly everybody’s online data at risk. OpenSSL, the company responsible for the security hole, developed a patch for the bug before the announcement. Companies and governments scrambled to apply the patch before any data was lost. To date, only the CRA has announced that data was stolen.
© 2014 Benzinga.com. Benzinga does not provide investment advice. All rights reserved.