Breach halts electronic pay stubs for federal workers

A mysterious security breach has led the federal government to shut down its online pay system, affecting some 320,000 public servants.

A mysterious security breach has led the federal government to shut down its online pay system, affecting some 320,000 public servants.

The system was pulled offline for "urgent" repairs on April 4 after officials discovered the privacy of eight account-holders had been breached.

Pay is still being deposited as scheduled in employees' bank accounts.

But electronic paystubs with information about basic salary, overtime, bonuses, reimbursement of travel expenses and other key data has been unavailable for more than two weeks.

The glitch affects virtually every federal department, from Health Canada to Public Works itself, which operates the self-serve online system for all government employees.

A spokesman said it's still not known when the problem will be rectified.

"We are developing solutions to remedy the problem," said Sebastien Bois of the Public Works Department. "Officials are working to restore service as soon as possible."

Bois said the affected system, known as the Compensation Web Application or CWA, was set up in 2005 and has never been offline for so long.

Employees who need information from their electronic paystubs have been told to contact to their local payroll officials.

Software not to blame: official

Bois was not immediately able to describe how the problem occurred or what personal information may have been put at risk, but suggested the software and systems were not primarily at fault.

"The errors were not due to the CWA itself, but rather due to the manual processes involved," he said Monday.

Last spring, Auditor General Sheila Fraser reported that Public Works had completed an internal risk assessment that found the department's pay and pension systems "were close to imminent collapse, and compensation specialists were leaving as a result."

Fraser noted the department had begun a project to modernize its systems, though she did not audit them.

On the other hand, Public Works last year completed a so-called privacy impact assessment on its online paystub service that found it was at low risk of breaching workers' privacy. The assessment was approved by the privacy commissioner's office.

In January this year, the federal Finance Department and Treasury Board of Canada were hit by a cyber-attack that forced both departments off the Internet in the crucial run-up to the federal budget.

Several reports based on unidentified sources claimed China was the source of the attacks, though the Chinese government vigorously denied it was involved.