Revenue Commissioners confirm its systems are safe from Heartbleed bug

11 Apr 2014

Ireland’s tax authority, the Revenue Commissioners, has confirmed its public-facing and internal systems have been checked and are safe from the Heartbleed bug vulnerability.

While it is unclear if other Irish Government departments and State bodies have checked their systems, in Canada, the country’s CIO ordered that federal departments using software vulnerable to the so-called Heartbleed bug to immediately disable public websites.

Earlier this week, a team of researchers found a massive flaw in OpenSSL, an online encryption program used by thousands of websites worldwide that can be manipulated to send the content of a computer’s random access memory (RAM).

OpenSSL is used on public-facing websites such as Gmail, Facebook and PayPal, and it is believed that up to 17pc of the internet could be vulnerable to the bug.

Apple has said its network services, such as iCloud and iTunes, are safe from attack, while Yahoo! has instructed all users to change their passwords to alleviate any chance of their systems being attacked or accessed by hackers.

Safe from Heartbleed Bug

“There has been increasing concern from security advisers and the public generally relating to the discovery of a significant flaw in a cryptographic library used globally to digitally scramble data as it passes to and from computer servers,” a spokesperson for the Revenue Commissioners told

“The Revenue Commissioners would like to confirm that its public-facing and internal systems have been checked and are safe from this vulnerability, which has been termed the ‘Heartbleed bug’.

“Taxpayers can continue to use its online services without any security concerns.

“These services include ROS, LPT/Household Charge Arrears, PAYE Anytime and the just-launched Home Renovation Incentive product.

“In addition, Revenue is certified to the ISO27001 standard. This is a globally recognised Information Security Standard that has been awarded for Revenue’s internet facing sites. The standard is independently audited and sets requirements in areas such as information security organisation, data handling and networks; ensuring that taxpayers’ personal information is secure,” the spokesperson said.

John Kennedy is a journalist who served as editor of Silicon Republic for 17 years