Hackers have used the recently discovered OpenSSL security flaw, codenamed Heartbleed, to steal data from the Canada Revenue Agency (CRA) and Mumsnet networks.
CRA commissioner Andrew Treusch confirmed the breach in a public statement, revealing as many as 900 taxpayers' details have been compromised.
"Regrettably, the CRA has been notified by the Government of Canada's lead security agencies of a malicious breach of taxpayer data that occurred over a six-hour period," read the advisory.
"Based on our analysis to date, social insurance numbers of approximately 900 taxpayers were removed from CRA systems by someone exploiting the Heartbleed vulnerability."
Heartbleed is a flaw in the OpenSSL implementation of the transport layer security (TLS) protocol. The security vulnerability, as discussed in the video below, was discovered by researchers with a Finnish company called Codenomicon earlier in April.
The flaw has caused concern within the security community as the OpenSSL encryption protocol is used by open-source web servers such as Apache and Nginx, which host 66 percent of all websites.
The Mumsnet network also confirmed falling victim to an attack targeting the Heartbleed vulnerability in an email to users, obtained by V3.
"On Thursday 10 April we at Mumsnet HQ became aware of the bug and immediately ran tests to see if the Mumsnet servers were vulnerable. As soon as it became apparent that we were, we applied the fix to close the OpenSSL security hole (known as the Heartbleed patch). However, it seems that users' data was accessed prior to our applying this fix," the email said.
"On Friday 11 April, it became apparent that what is widely known as the 'Heartbleed bug' had been used to access data from Mumsnet users' accounts."
Both the CRA and Mumsnet have installed a fix from the OpenSSL Project that plugs the Heartbleed flaw, but recommended users change their passwords as soon as possible to protect themselves from follow-up attacks.
Data breaches are an ongoing issue for businesses across all industries. Security firm Symantec reported earlier in April that hackers' compromised more than 552 million web users' identities over the past year.
Security firm claims that 117,638 sites out of 135,035 analysed contain serious security flaws
AimBrain adds lip-sync capabilities to its biometrics system
Canadian scientists claim to have found a way to mass produce plastic semiconductors
RAND claims AI could enhance strategic stability by improving accuracy in intelligence collection and analysis