There are moments when disparate stories stop being isolated incidents and begin to form a pattern.

A class action lawsuit over a data breach.
Hundreds of CRA employees disciplined or dismissed for improperly claiming emergency benefits.
A criminal case involving alleged manipulation of internal systems.
Another cybersecurity incident occurred years after officials were warned.

Individually, each story might be explained away. Together, they raise a more troubling question:

Is Canada’s revenue and benefits infrastructure failing at a systemic level?

A recent video by Northern Perspective argues that it is — and while the presentation is sharp-edged and opinionated, the underlying facts deserve careful, sober examination.

This article does that work.

The Lawsuit: What Is Actually Happening

At the center of the current attention is a certified privacy-breach class action commonly referred to as Sweet v. His Majesty the King.

The case arises from credential-stuffing attacks that occurred in 2020, during which attackers used previously compromised usernames and passwords (often from unrelated data breaches) to gain unauthorized access to Government of Canada online accounts — including CRA My Account and other GCKey-linked portals.

In many cases:

• Personal information was altered

• Direct deposit details were changed

• Emergency benefits, such as CERB were fraudulently applied for using legitimate accounts

The lawsuit alleges systemic negligence in safeguarding sensitive information and failing to implement adequate protections before the breach.

The Proposed Settlement

A proposed settlement is now before the Federal Court.

If approved, it would allow eligible class members to apply for compensation under three categories:

• Access claims (time spent addressing unauthorized access)

• Fraud claims (time spent addressing fraudulent use)

• Special compensation — up to $5,000 for documented out-of-pocket losses

A settlement approval hearing is scheduled for March 31, 2026.

Importantly:

• This is not automatic cash

• Eligibility depends on whether personal information was accessed or misused during the defined period

• The Government of Canada does not admit wrongdoing as part of the settlement

That nuance matters — especially when public discourse drifts toward absolutes.

What the Video Gets Right

The Northern Perspective video is correct on several key points:

1. This is a real, certified class action, not speculation

2. The compensation figures are real, though conditional

3. KPMG is administering the settlement process

4. The scope of affected Canadians is large, potentially in the hundreds of thousands

The video also accurately highlights something many official communications gloss over:

The breach did not occur in a vacuum — it happened during a moment when extraordinary amounts of money were moving through systems that were already under strain.

That context matters.

Where the Video Blends Issues — and Why That’s Understandable

The video interweaves the class action with stories about CRA employees who improperly claimed CERB and, in some cases, challenged their termination through labour grievances.

These are real events, but they are legally separate from the class action.

• The class action concerns external attackers and system safeguards

• The employee cases concern internal misconduct and labour law

However, from a systems perspective, it’s understandable why the public links them.

When:

• External actors exploit weak controls

• Internal employees exploit insider knowledge

• Oversight mechanisms struggle to respond decisively

…it becomes harder to argue these are isolated failures.

The CERB Employee Scandal: What We Know

The CRA has publicly acknowledged that, following internal reviews:

• Hundreds of employees were investigated

• 330 were no longer with the agency as a result of the process

• Outcomes ranged from termination to suspension to no discipline, depending on findings

In at least some cases, terminated employees filed grievances through federal labour boards — a normal legal process in unionized environments.

What unsettles many Canadians is not that due process exists, but that individuals tasked with administering tax and benefit systems allegedly exploited those same systems during a national crisis.

Even when grievances succeed, the reputational damage is profound.

The Cybersecurity Issue Didn’t End in 2020

One of the most important — and least discussed — points raised in the video is this:

The 2020 breach was not the last serious incident.

In August 2025, the Government of Canada disclosed another cybersecurity event involving a third-party multi-factor authentication provider used by CRA and other departments.

While officials emphasized that only contact information was exposed, the reality is more complex:

• Phone numbers and email addresses are precisely what attackers use for phishing, SIM-swap attacks, and account takeover chains

• The breach occurred years after government IT teams were warned to expect heightened threats to public infrastructure

This undermines confidence that lessons were fully learned.

This Is Not Just About Money

It’s tempting to frame this story around the headline figure: “Up to $5,000.”

That would be a mistake.

The deeper issue is trust.

The CRA is one of the most powerful agencies in the country. It:

• Knows what Canadians earn

• Controls access to benefits

• Enforces compliance through penalties and audits

That power rests on an implicit social contract:
Your information will be protected, and the rules will be applied fairly.

When systems fail — externally and internally — that contract frays.

Why This Matters Now

Whether the settlement is approved or not, this moment should force serious questions:

• Why were modern security measures implemented after the breach rather than before?

• Why were warning signs about infrastructure vulnerability not acted on sooner?

• How does a system designed to detect fraud miss both insiders and outsiders at scale?

• What accountability exists beyond settlements and press releases?

Canadians deserve more than compensation.
They deserve assurance that the systems governing their livelihoods are competent, secure, and trustworthy.

Final Thought

The Northern Perspective video is sharp, emotional, and at times confrontational — but it points to a real fault line.

The CRA lawsuit is not an anomaly.
It is a stress fracture in a system that has been under pressure for years.

Ignoring that fracture will not make it disappear.