The CRA settlement, stemming from a class action lawsuit, offers up to $5,000 in compensation to eligible Canadians affected by a 2020 data breach. This settlement, approved by the Federal Court, addresses credential stuffing attacks on Government of Canada online accounts, including CRA, My Service Canada, and GCKey-accessed accounts. However, the settlement process is not automatic, and eligibility is based on specific criteria. Canadians must verify their status through official channels, as the settlement notice explicitly states that not all class members will receive payments. The compensation categories include access claims, fraud claims, and a Special Compensation Fund for out-of-pocket expenses. The $5,000 figure is a maximum reimbursement, not a guaranteed payment, and eligibility depends on evidence of fraud loss, identity theft expenses, and other breach-related losses. Canadians should be cautious of scams and avoid sharing personal information with unauthorized websites. This settlement highlights the importance of strong passwords, multi-factor authentication, and regular monitoring of online government accounts to prevent future breaches.
