As you may have read, the CRA has temporarily shut down their online services, including NETFILE, as a precautionary measure to safeguard against a recently discovered vulnerability known as the Heartbleed Bug. The CRA has now restored their online services. (Updated April 13, 3pm EST)
To be clear, the CRA wasn’t hacked1, nor is this a virus. The issue is actually a bug in a piece of software that’s used widely across the internet. We think the CRA made the right call by proactively taking down their online services when the bug was discovered.
As far we we know, SimpleTax users have not been impacted. We immediately patched our systems when the bug was disclosed the morning of April 8th; you can confirm that we are not vulnerable here. As an additional precaution, we re-issued our SSL certificate with a new private key.
We encourage you change your SimpleTax password, especially if it’s one you share with another site that may have been impacted.
Even though NETFILE is temporarily closed, you can still use SimpleTax to complete your return. If you’ve signed up for an account, we’ll save your data so you can come back later to file.
If you already submitted your tax return and received a confirmation number from the CRA, your return has successfully been filed and no further action is required.
As always, we’re here if you have any questions.
1 Updated April 14, 2014 It looks like between the time the bug was publicly disclosed and the CRA shut down their online services, approximately 900 taxpayer SINs were removed from CRA systems by someone exploiting the Heartbleed vulnerability.