The cyber-bug that facilitated the theft of 900 Canadian social insurance numbers seems also to have disabled the government's tongue.
The information coming out of Ottawa about the threat has been woefully inadequate, particularly on what it will do to protect Canadians who may become victims of identity theft. Nor have any details emerged on who or what else may be at risk because of the so-called Heartbleed bug, even though computer experts are anticipating more damaging news.
The head of the Canada Revenue Agency, where the online breach occurred, said he shares "the concern and dismay" of people whose privacy was breached.
He added victims would be offered free access to credit-protection services, but there was no word on a range of questions, including if Ottawa would accept liability for any personal losses or costs.
As of Monday afternoon, it was still unknown how many government websites were affected or shut down last week. Canada Revenue's website was shuttered on Wednesday, but reopened Monday morning after discovery of the data breach.
Treasury Board president Tony Clement, whose department is responsible for information security, has not peeked out of his fox hole since Heartbleed was discovered early last week.
Canadians deserve more answers on a range of questions, including why it took so long to repair the problem and what is being done to protect the private information of Canadians.
Social insurance numbers (SIN), for example, are among the most sensitive information that could be stolen under the government's nose.
The SIN serves as a client account number for the Canada Pension Plan, employment insurance programs and for tax purposes. As such, it opens a very large window into a person's identity, including address, birthdate, workplace, family status and other critical details that could be used for criminal purposes.
It is not enough for a civil servant to say he is concerned or that victims will be shown how to protect themselves in the future.
Mr. Clement needs to step up with more information about what Ottawa is doing to protect Canadians, which is the prime function of government.
Heartbleed was not a cyber-attack, but a glitch in the Internet software that is supposed to provide security and privacy. The bug compromised the integrity of the padlock, opening the door to hackers, thieves and criminals.
The problem surfaced two years ago, but it's unclear when Canada's security establishment learned about it. The American National Security Agency reportedly knew about it immediately, but used it for spying purposes, a charge it denies.
Although its origins were benign, Heartbleed has seriously undermined confidence in a medium that is the basis for the world's economy.
Governments and private industry are constantly under attack by cyber-criminals and foreign governments seeking intelligence and trade secrets. The private information of some 110 million Target customers alone was hacked earlier this year in what was merely the latest in a series of similar assaults.
A massive attack, or another Heartbleed, that interrupts or destroys critical services could cause a temporary or complete collapse of computer-dependent societies.
The point is, we are living in an age of great danger and risk, a time when the entire electrical grid or municipal water service could be knocked out by a cyber-attack, or another digital glitch like Heartbleed.
Under these circumstances, it is unacceptable the Harper government has responded with such self-satisfaction, as if what happened was a minor inconvenience.
The damage may, indeed, turn out to be minimal, but that doesn't justify complacency when the risks are potentially enormous. It shouldn't take yet another wake-up call to cause a stir in government.