Canada Revenue Agency (CRA) has confirmed that the information of thousands of Canadians may have been “accessed inappropriately” by employees.
In a statement to CTV News, the agency said that there were 264 privacy breaches between November 04, 2015 and November 27, 2018.
The financial data unlawfully accessed included social security numbers, addresses, phone numbers, dates of birth, marital status, income and deductions, as well as employment information.
In total, some 41,361 Canadians were affected by illegal snooping by the employees. However, CRA determined that 37,502 of those people were at “low risk of injury” due to the incident and were thus not notified that their privacy had been breached.
CRA has notified 1,640 of the affected individuals; as of February 01, the agency was in the process of contacting 34 more.
“For a number of other reasons, 2,185 individuals were not notified,” the agency added in its statement. CRA explained that some individuals whose information was exposed were either deceased or did not have an address available.
The agency revealed that 182 of the 264 employees who accessed the sensitive data without authorization have been disciplined, while 36 face a pending decision and 46 have “left” the CRA.