First of all, the information that allowed the fraudsters to break into people's accounts was obtained outside the Canada Revenue Agency system. In other words, it wasn't the agency's system that was hacked. The confidential information of certain individuals was obtained outside the agency's system, and it wasn't one hacker who entered the system, but rather a host of small incidents.
The first thing that the agency does in situations like this is to let the individual involved know. Their account is frozen, they are informed, and we perform all the necessary searches to track down the hacker. We also try to figure out the extent of the breach of confidential information, whether the breach was more generalized or limited to the agency. We work both to help the individual and to locate the fraudster.
Why wasn't this information made public, as was before in other situations? This situation involved specific cases, not a general risk to the public, so we didn't think it was relevant to disclose the information publicly. However, every Canadian concerned was immediately notified and their account was frozen.