A major B.C. healthcare data breach has compromised the Social Insurance Numbers (SINs) and personal information of 28,000 current and former Interior Health employees, leading to widespread CRA account hacks and identity fraud across Canada.
The exposed data has been used by fraudsters to file bogus tax returns, obtain fraudulent loans, and create fake businesses, often through H&R Block offices in Alberta.
Victims’ Identities Used in Fraud and CRA Scams
Among the affected is Leslie Warner, a nurse from Fernie, B.C., who was arrested in 2022 after her identity was used to commit fraud.
“I was like: ‘Oh my God, this is my identity theft,'” Warner told police.
Her CRA account had been hacked in 2020. An imposter claimed a false refund, named H&R Block as her authorized representative, and redirected her personal details to Alberta-based offices.
Warner later discovered unauthorized representatives had been added to her CRA account, including:
- H&R BLOCK (OFFICE 50575)
- H&R BLOCK (50638)
- H&R BLOCK CANADA, INC.
Her account had been modified to include a new address, phone number, and dependents she didn’t have. CRA even sent letters to tax preparers in Edmonton and Calgary, naming them her contacts for electronic filing.
Data Origin and Exposure on the Dark Web
The breach stems from an old Interior Health Authority employee data leak, involving records from 2003 to 2009. Information exposed includes:
- Social Insurance Numbers
- Home addresses
- Dates of birth
An anonymous source, calling themselves “Anonymous”, told The Fifth Estate they obtained the list via the dark web and sold it through Telegram groups as early as 2017 for approximately $1,000.
“As an ex-criminal… I now want to help others and right my wrongs,” Anonymous wrote in an email.
Anonymous shared the list with The Fifth Estate, which confirmed several names on it matched real Interior Health employees. All said the data listed about them was accurate.
Link to H&R Block and EFILE Access Exploitation
Fraudsters used H&R Block locations in Alberta to process fake T4 slips and claim refunds using the stolen identities. At least seven known victims had their CRA accounts breached using this method.
In one case, a nurse from Penticton discovered her name was used to create two federally registered shell companies in Edmonton. Fraudsters used those companies to produce fake T4 slips for false CRA filings.
An H&R Block internal memo warned of:
- “An increase in fraud by people claiming to move from British Columbia to Alberta”
- Specific scams involving fake companies like “Hawt shotz Deliveries Inc.”
- Use of bogus T4 slips and fake IDs in Red Deer and Edmonton
Still, H&R Block stated:
“It is misleading and irresponsible to make any assumptions… and to make assertions about a specific party’s ultimate responsibility.”
The company maintains that it was not aware of Canadians being affected through unauthorized use of its EFILE credentials.
Questions Over Interior Health’s Handling and Awareness
In March 2024, Interior Health acknowledged that personal data from past employees had surfaced during an RCMP investigation. The agency advised anyone employed between 2003 and 2009 to call a hotline to verify whether their data was included.
Interior Health said its list contained 20,000 names, but the one sent to The Fifth Estate included 28,000 individuals.
Despite Interior Health stating in a release that Deloitte Canada found no evidence of the data on the dark web, Anonymous contradicted this:
“Me personally, as well as others, have bought it on Telegram shops and other dark web forums.”
Interior Health’s vice-president of digital health, Brent Kruschel, said:
“Due to the age of the data and its broad scope, IH was not able to accurately confirm where the information came from.”
Because of the ongoing RCMP investigation, Interior Health declined to comment further.
Growing Impact on Affected Individuals
More victims continue to surface. The Fifth Estate confirmed that two other B.C. residents—one from Creston, another from Kelowna—had their CRA accounts hacked in 2023. Both were on the Interior Health list.
As Warner put it:
“Why didn’t anyone get ahold of me?”
Despite the scale of the breach, several affected employees say Interior Health told them they were not on the leaked list—raising questions about the accuracy and transparency of the response.
Enterprise and Regulatory Implications
This breach highlights systemic vulnerabilities in the handling of government employee data, third-party tax preparation access, and the CRA’s authentication processes.
It also underscores the need for tighter cybersecurity controls in public health organizations and third-party vendors alike.
The B.C. healthcare data breach, its links to dark web trade, and the use of platforms like Telegram show how legacy data can still pose modern threats—especially when regulatory follow-through lags behind the risks.
