The Canada Revenue Agency says 900 Canadians have had their social insurance numbers stolen from its website because of the Heartbleed security bug.
The agency said early Monday it became aware of the breach while repairing the bug and that the theft happened over a six-hour period. The agency said it's not known whether anyone in Saskatchewan is affected.
Those who are affected will be contacted via registered letters and that any attempts to contact a taxpayer via email or telephone are fraudulent.
People affected will be provided with credit protection services at no cost, the revenue agency said.
The Heartbleed bug is caused by a flaw in OpenSSL software, which is commonly used on the internet to provide security and privacy.
A serious problem
David Gerhard, an associate professor with the Department of Computer Science at the University of Regina, said it is quite a serious problem.
If hackers have a social insurance number and a name together they can try and trick other agencies and banks to get more information such as birth dates and addresses, he said.
'They'll see if they can get away with it, and then they'll start doing more and more and more.'- David Gerhard, U of R
"You can get that person's credit report," he said. "You can apply for credit cards in their name. You can default on cards in their name. There's a lot of stuff you can do."
If you think you've had your social insurance number stolen, Gerhard suggests people call their bank and ask for a special password on your file. He also suggests people pay close attention to their credit card bills, cell phone records and any loan and mortgage statements.
"They'll use your credit card to make a really small purchase somewhere," he said. "They'll see if they can get away with it, and then they'll start doing more and more and more."
The Canada Revenue Agency said the RCMP are investigating.