Nearly 80 more terminated for misuse of CERB payments
Federal tax officials faced 370 founded cases of misconduct in 2024–2025, including employees snooping in tax files, falsely claiming hours worked and misusing Canada Revenue Agency (CRA) assets, according to a government report.
Suspensions, written reprimands and terminations were imposed in 266 instances, with suspensions making up 59 per cent of disciplinary measures, written reprimands 24 per cent and disciplinary terminations 9 per cent.
Overall founded misconduct increased to 370 cases in 2024–2025 from 322 the previous year, pushing the rate from 5.1 to 6.6 cases per 1,000 employees, according to the CRA’s Annual Report on employee misconduct and wrongdoing.
Disciplinary measures rose to 266 from 222 over the same period, a 20-per-cent increase, or 4.8 cases per 1,000 employees, with terminations remaining at similar levels and still associated with complex, serious files often involving multiple allegations.
Unauthorized access, false attendance
Unauthorized access to tax information was among the most common issues: 16 per cent of founded cases involved employees accessing their own tax accounts without permission, while 11 per cent related to improper access to other taxpayers’ or similar information, according to the report.
False attendance reporting and insubordination each accounted for 10 per cent of misconduct findings.
Information security lapses included:
- staff forwarding protected data and passwords from CRA systems to personal email accounts without encryption
- leaving devices unsecured
- recording meetings on personal phones
- failing to report known breaches
- accessing or transmitting protected information from unsecured public locations, according to the report.
Cases also described workers accessing their own or third-party accounts—sometimes more than 100 times—including those of spouses, relatives, friends, former roommates, business partners, deceased individuals and colleagues, with some incidents involving sharing confidential details or granting preferential treatment, according to the CRA.
Insubordination, negligence
In the “failure to protect the CRA’s reputation” category, there were 111 founded cases tied to conduct such as insubordination, negligence, conflict of interest breaches and behaviour that could undermine the agency’s image.
Examples included:
- not disclosing outside employment, business interests, partnerships or property holdings
- receiving CRA funds into personal bank accounts; failing to report criminal associations or financial hardship
- using CRA resources or credit cards for personal gain
- misusing CRA status off duty
- plagiarism
- approving personal expenses
- sharing credentials
- making inappropriate comments while representing the agency
- mishandling calls
- sleeping on duty.
Additional reputational cases involved missing timesheets, manipulating email and calendar systems to create the appearance of being at work, ignoring formal expectations or requirement letters and teleworking from unauthorized or public locations while sometimes using personal devices for official duties, according to the CRA.
Misuse of public funds
Misuse of property and public funds was also flagged. There were 53 founded incidents involving CRA assets and facilities, including unauthorized or careless use of CRA or taxpayer property and unacceptable activity on electronic networks, according to the agency.
Examples included:
- using CRA assets or property outside Canada for one to 45 days
- generating roaming or long-distance charges
- making personal purchases on CRA acquisition cards
- negligent handling of agency assets
- manipulating laptops or using false online meetings to keep systems active while not working
- sharing CRA login credentials with other parties.
In the “failure to protect and manage public funds” category, 42 founded cases were recorded, 86 per cent of which involved falsifying attendance, according to the CRA.
Misconduct in that group included submitting timesheets for hours not worked, logging in late, logging off early, missing scheduled shifts and long periods of inactivity while still being on the clock, with misreported hours ranging from 65 to 1,352 and between 49 and 210 false or missed timesheet entries, according to the report.
Poisoned environment, privacy breaches
The CRA logged 31 founded incidents tied to failures to foster a healthy and respectful workplace, including 20 cases where behaviour contributed to a poisoned work environment, according to the report.
Cited examples included aggressive or disrespectful language toward supervisors or members of the public via MS Teams or email, as well as inappropriate conduct toward colleagues or the public through phone calls, online platforms, email or physical contact, according to the CRA.
Beyond misconduct cases, the CRA recorded 44 privacy breaches, 18 of which were deemed material, with 31 incidents triggering notifications to taxpayers, according to the agency.
A recent Ontario Human Rights Tribunal (HRTO) decision served as a reminder to Canadian employers that repeated behaviour – even over a brief period – can transform a workplace into one that is legally “poisoned,” with significant consequences under human rights law.
CERB-related terminations
The 2024–2025 period also saw the completion of a large internal probe into employees who allegedly made improper claims under the Canada Emergency Response Benefit (CERB), which provided up to $2,000 per month for as long as seven months to people directly affected by the COVID-19 pandemic.
Certain employees were found to have fraudulently applied for and received CERB payments and were subject to discipline up to and including dismissal, according to the report.
In total, 109 disciplinary measures in 2024–2025—including 78 terminations, representing 72 per cent of those measures—were linked to CERB investigations.
Code of Integrity at CRA
More than 55,000 employees across Canada are subject to the Code of Integrity and Professional Conduct, the Directive on Conflict of Interest and the Values and Ethics Code for the Public Sector, according to the federal government.
Data on disciplinary measures, types of findings, grievances, security revocations and privacy breaches are only included when they are directly tied to a disciplinary outcome and meet thresholds for statistical relevance, according to the report.
Employees can report allegations of misconduct through a variety of channels, including both anonymous and confidential options, under a “no wrong door” approach that routes all complaints to the proper review mechanism, according to the CRA.
