I can answer the first part of that question, Mr. Chair.
The CRA has been proactively using different methods and third parties to look for signals that accounts have been identified and potentially compromised. This is anything from, again, going back to the capabilities where there have been previous compromises or known lists of identities that are suspicious. All they do is deactivate the accounts. They contact the users, and they tell them that they may have been compromised and that this may have been part of some other event that may affect other accounts like their bank accounts, Facebook accounts and things like that. It is giving Canadians a proactive piece of advice that they need to look at their cyber-hygiene and that they need to take action.
With regard to the CRA accounts, there's a process for them to re-establish their accounts. They don't lose their accounts permanently. It's just that they have to reset their passwords and re-establish their identities.
I would leave it to Mr. Jones to talk about what other cyber-hygiene activities Canadians should take to protect themselves overall when this happens or just even as part of due course.