Skip to main content

Eric Caire, Quebec’s minister of digital transformation, said the province has since been working to identify which websites are at risk, one by one, before putting them back online.Graham Hughes/The Canadian Press

Amid warnings from Ottawa of a global online security issue, Quebec said Sunday that it has shut down almost 4,000 government websites as a preventative measure after receiving a cyberattack threat.

At a news conference, Quebec’s minister of digital transformation said the province was made aware of the threat on Friday and has since been working to identify which websites are at risk, one by one, before putting them back online.

“We’re kind of looking for a needle in a haystack,” Eric Caire said, in Quebec City, “Not knowing which websites use the [affected] software, we decided to shut them all.”

He added, “Once we make sure the system is operational, it gets back online.”

Mr. Caire said the provincial vaccine passport system was never at risk, saying it doesn’t require the software that has been the focus of attention.

Canada Revenue Agency goes offline as a precaution, citing global ‘security vulnerability’

Defence Minister Anita Anand said the federal government is aware of a “vulnerability” in a software product called Apache, “which has the potential to be used by bad actors in limited and targeted attacks.”

Ms. Anand said in a statement Sunday that the Canadian Centre for Cyber Security is calling on Canadian organizations of all types to pay attention to this “critical, internet vulnerability affecting organizations across the globe.”

The centre leads the government’s response to cybersecurity events, combining expertise from Public Safety Canada, Shared Services Canada and the Communications Security Establishment (CSE) to work with private and public sectors.

Asked for more details on the reference to Canadian organizations of all types, the CSE said Sunday that it was referring to small, medium and large organizations/enterprises, but did not provide any further details.

The Canada Revenue Agency said Sunday that it became aware on Friday of a security vulnerability.

“As a precaution, we proactively decided to take our online services offline while we work to secure our systems against potential threats,” said the statement.

The CRA said it is committed to protecting the personal and tax information of Canadians by taking appropriate steps to safeguard sensitive information online.

However, the agency said there is no indication that its systems have been compromised, or that there has been unauthorized access to taxpayer information because of this vulnerability.

“We understand that this interruption may be inconvenient to some Canadians. Our services will be available as soon as possible. We apologize for the inconvenience and thank Canadians for their patience as we work to resolve the situation,” said the statement.

Another high-profile federal institution also recently faced cyber-intrusion issues. On Dec. 2, a representative for the Governor-General disclosed that there was unauthorized access into an internal computer network. The Office of the Governor-General said it was working with the Canadian Centre for Cyber Security on both an investigation and action to strengthen its network.

With reports from The Canadian Press.

For subscribers: Get exclusive political news and analysis by signing up for the Politics Briefing.