I hope you didn't eat too much candy last night.

Last week I complained there's little-to-no Canadian news about privacy these days, which meant I was once again ranting about legislative reform.

Murphy's law being what it is, there's now a slew of news reports this week and they're all about a breach. This one appears to involve a major federal institution, possible private sector third parties, cybercriminals, a whole bunch of Canadian taxpayers, and a whole lot of money.

The news reports suggest hackers accessed Canada Revenue Agency accounts by somehow getting the credentials needed from third-party private sector organizations such as those that prepare tax returns, changed direct deposit information, and submitted false returns to pocket some pretty hefty refunds.

The Office of the Privacy Commissioner of Canada is now investigating 30,000 breaches at the CRA dating back to 2020 to determine whether the CRA met its obligations under the Privacy Act.

It's no big surprise that the CRA is an attractive target, but it's not the only one. We don't yet know what will transpire here, but I think this case still stands as a bit of a cautionary tale for all organizations. It underscores the importance of taking steps to prevent attacks, to regularly monitor and test for weak spots, and to address breaches effectively when they do arise.

Cybercrimes are becoming more and more prevalent, and those perpetuating the crimes seem to be getting bolder and smarter, making the job all that much more challenging. It can be tough to keep up with the evolving threats, but organizational trust and credibility are at stake, so we've got to try.

And, while that was one of the bigger stories this week, there were actually quite a few others, so I hope you take the time read the rest of the digest. And, aren't you relieved you didn't have to read another rant about legislative reform?

Kris Klein, CIPP/C, CIPM, FIP, is the managing director for Canada for the IAPP.