WINNIPEG -- The Canada Revenue Agency has temporarily shut down its online services, after it was hit by two cyberattacks in a data breach that compromised the personal information of thousands of Canadians.

The CRA says at least 5,500 accounts were affected by the seperate hacks, which it says are now “contained.” The CRA’s ‘My Account,’ ‘My Business Account’ and ‘Represent a Client’ were targeted in the cyberattacks and have been temporarily disabled.

“As an additional precaution, the CRA has temporarily disabled online services,” said a spokesperson for the CRA in an email to CTV Sunday.

The breaches involved fraudulent CERB payments. Email addresses and direct deposit information were also exposed.

“In this incident, the usernames and passwords that were used were acquired by fraudsters in previous third-party data breaches,” said the CRA. “To help lower the risk of being affected by these kinds of cyberattacks, people are strongly encouraged to avoid reusing passwords for different systems and applications.”

The CRA has contacted RCMP and an investigation is now underway.

The agency is sending letters to people whose accounts have been compromised.

“The CRA is prioritizing calls from the victims of fraud and identity theft, and is answering calls as quickly as possible,” said the email.

The agency is recommending ‘My Account’ users enable email notifications, which the CRA said can act “as an early warning to Canadians of potential fraudulent activity on their account.”