It got tougher at the weekend to get COVID-related support from the federal government.
Hackers compromised 5,500 accounts in two cyberattacks.
The breaches have been contained but Canada Revenue Agency has temporarily shut down its online services as a safety measure.
It hopes to have the services for businesses back up and running today, which is the first day companies struggling due to the pandemic can start to apply for the latest round of federal wage subsidies.
Others will have to wait.
The incidents are a type of attack known as “credential stuffing.”
Passwords and usernames are collected from previous hacks of accounts worldwide. The hackers take advantage of the fact many people reuse passwords and usernames across multiple accounts.
Letters are being sent to those affected by the incidents, explaining how to confirm their identity and regain control of their accounts.
Canada’s cyber intelligence agency recommends anyone affected by the breach to update their passwords and choose something they will not use for any other account.