The federal government will pay $8.7 million to settle a class-action lawsuit after hackers accessed sensitive information from government websites, including the Canada Revenue Agency (CRA).
Settlement Details
The settlement, reached last December and approved in court on Tuesday, resolves claims that hackers breached 47,000 government accounts during the early months of the COVID-19 pandemic. The attackers used the stolen data to apply for emergency benefits such as the Canadian Emergency Relief Benefit and the Canadian Emergency Student Benefit.
Federal Court Justice Richard Southcott approved the settlement, stating it is fair, reasonable, and in the best interests of the class. The total payout of $8,760,500.90 includes compensation, legal fees, and taxes.
Compensation for Victims
Individuals whose personal or financial information was compromised between March 1 and December 1, 2020, are eligible for compensation. Those who suffered financial fraud can receive up to $200, while those whose information was accessed but not used for fraud can receive up to $80. A special fund provides up to $5,000 per person for out-of-pocket expenses related to the breach. Claimants are automatically included in the settlement.
Exposed Information
Court documents reveal that hackers obtained social insurance numbers, direct deposit details, tax information, birth dates, employment records, benefits information, and employment insurance data.
CRA Response
The CRA declined to comment on the specific case but emphasized that protecting Canadians' personal information is a priority. A spokesperson stated that no organization is immune to cyber incidents, and the CRA has robust systems to monitor, detect, investigate, and address potential threats.
The settlement ends a multi-year legal battle in which victims alleged that the federal government and CRA allowed at least three cyberattacks over the course of a year.
