A devastating data breach involving British Columbia’s Interior Health Authority has exposed the personal information of over 28,000 current and former employees, leading to hacked CRA accounts, stolen identities, and bogus tax returns filed across Alberta.
This alarming breach includes home addresses, birth dates, and social insurance numbers of individuals employed between 2003 and 2009, and has already been linked to widespread fraudulent activity involving Canada Revenue Agency (CRA) accounts.
Table of Contents
Nurse’s Nightmare: From Healthcare Hero to Fraud Suspect
In 2022, nurse Leslie Warner was arrested and fingerprinted after being wrongly implicated in a CRA identity theft scam. What started as a terrifying brush with the law turned out to be a tragic case of identity theft that began in 2020, when Warner’s CRA account was hacked. An imposter had filed a fake return, falsely listing H&R Block as her authorized tax representative.
Warner’s name later surfaced in a leaked list tied to the Interior Health data breach, confirming her suspicions and deepening her frustration.
“I was like: ‘Oh my God, this is my identity theft,’” Warner told investigators. “I did not do this.”
How the Data Was Stolen and Sold
An anonymous source who contacted CBC’s The Fifth Estate claimed the stolen information had been circulating since 2017 and was sold on the dark web via encrypted Telegram groups for around $1,000.
The Fifth Estate confirmed the accuracy of the leaked list with multiple individuals who were listed — all of whom had worked for Interior Health. According to the source, the data has been sold and redistributed thousands of times over the past several years.
Fraud Through H&R Block: Alberta Offices at the Center of the Scam
Many of the fraudulent CRA claims were filed through H&R Block offices across Alberta, using stolen identities from the Interior Health breach.
Internal memos from H&R Block obtained by The Fifth Estate revealed the company was aware of the ongoing fraud. One such memo highlighted an increase in bogus claims filed by individuals pretending to move from B.C. to Alberta.
Despite this, H&R Block publicly claimed no knowledge of EFILE credential abuse, distancing itself from responsibility. However, former employees and internal communications indicate the company had documented cases of known fraudsters filing from multiple Alberta locations.
Hundreds of Canadians Affected by CRA Account Hacks
The CRA has been plagued by massive identity theft issues since 2020, with tens of thousands of accounts compromised. Gaps in the system — particularly involving third-party tax preparers — have been repeatedly exploited by criminals.
Special CRA access codes, known as EFILE credentials, were designed to make tax filing more efficient for authorized representatives. But these very codes have become loopholes for fraudsters.
In the Interior Health breach alone, at least seven employees had their CRA accounts hacked and fake tax refunds issued. In one case, a nurse from Penticton had two shell companies registered in her name — used by imposters to submit bogus T4 slips.
TurboTax Glitches in 2025 Users Report Unexpected Debts, Audits, and Filing Chaos
Canadians Face Confusion as April 30 Tax Deadline Approaches
TurboTax Glitch Leaves Canadians with Thousands Owed to CRA and Unexpected Audit Fines
Five Important Tax Deadlines to Remember for Canada’s 2025 Filing Season
Confusion Over Recent Changes Causes Many Canadians to Delay Filing Taxes
Interior Health and Deloitte Under Scrutiny
Interior Health was made aware of the breach in March 2024, following an RCMP investigation. A media release urged employees from 2003 to 2009 to check if their names were on the leaked list.
However, discrepancies soon emerged. While Interior Health said only 20,000 names were on the list, The Fifth Estate received a document with 28,000 names. Some victims were even told by the agency they weren’t affected — despite appearing in the leaked data.
Interior Health also stated that Deloitte, the cybersecurity firm it hired, found no evidence the data was available on the dark web. Yet Anonymous and other independent sources insist the opposite, saying the data had been bought and sold multiple times on Telegram and dark web forums.
Calls for Accountability and Transparency
The situation raises serious concerns about:
- The security of public employee data
- The reliability of CRA’s identity verification systems
- Oversight of third-party tax preparers like H&R Block
- Timely disclosure and transparency from public institutions
“Why didn’t anyone get ahold of me?” Warner asked. “I just want answers.”
What Happens Next?
The breach remains under active RCMP investigation, but for thousands of victims, the damage is already done. Many live in fear of future identity thefts, credit fraud, or legal complications.
This incident highlights a critical need for:
- Stricter data protection protocols
- Real-time fraud detection systems
- Greater accountability from both public and private sectors
Final Thoughts
This is not just a case of poor cybersecurity — it’s a national wake-up call. When personal data is so easily exploited and institutions hesitate to admit the extent of the damage, the consequences are not only financial — they’re deeply personal.
Victims like Leslie Warner are left picking up the pieces, demanding to know who knew what, when — and why they weren’t warned sooner.
If you suspect your CRA account may have been compromised or worked for Interior Health between 2003 and 2009, reach out to Interior Health immediately and monitor your credit reports for unusual activity.