Stating that the usernames and passwords for the accounts may have been obtained by what they call unauthorized third parties, the Canada Revenue Agency announced Friday they would be locking more than 800,000 taxpayers out of the online My CRA account starting Saturday morning. The move is described by the CRA as a precautionary cybersecurity step after similar action was taken in February, which locked out more than 100,000 accounts.  

In a news release, the CRA stated the user IDs and passwords were not compromised as a result of a breach of their online systems. Instead, external data breaches and email phishing scams are possible sources of the compromised information.  

Those who are affected by the lockout will have their email removed from the account, and will not be able to reset their password using traditional methods. Instead, if they are signed up for email notifications, they will receive an email with instructions on how to regain access to their CRA account. Others will receive instructions by mail. 

The CRA is hoping to have the issues resolved by March 22nd. Anyone who hasn’t been able to regain access by that day should then call the CRA for assistance.