CPA hit by cyberattack resulting in data breach

Supported By:

Net Patrol International Inc.  Data Investigation and Forensic Services
Bankruptcy and Insolvency Trustees

Toronto (June 5, 2020) – Chartered Professional Accountants Canada (CPA) fell victim to a cyberattack. Their website was targeted and the personal information of more than 329,000 subscribers of CPA Magazine was breached including names, addresses, emails, and employer names. The CPA has notified potentially affected individuals of the data breach directly and warned them that the information could be used in email phishing scams. Stolen passwords and credit card numbers were protected by encryption.

The Chartered Professional Accountants Canada (CPA) disclosed a cyberattack on their website that resulted in a data breach, according to a press release from June 4. The accounting group said that the personal information of subscribers of CPA Magazine is affected.

Personal information of 329,000 people disclosed in data breach

CPA Canada discovered that cybercriminals accessed certain contact information through a cyberattack against the CPA Canada website. The personal information of more than 329,000 members and stakeholders, who subscribed to the CPA Magazine, were breached. The disclosed data includes names, addresses, emails, and employer names. The CPA said passwords and credit card numbers were protected by encryption.

CPA did not reveal when the breach occurred. However, the cyberattack was discovered after a phishing campaign targeted its members in April of this year, according to a CPA statement. Subsequently, the accountants organization notified its members about the phishing activity back then.

The CPA clarified that provincial and regional CPA partners were not targeted in this attack.

Potentially affected individuals notified

During an investigation, the accounting group worked with cybersecurity experts to ensure that its systems were promptly secured and to identify what information was involved. Moreover, the CPA pointed out that since it learned of the cyberattack, it has further enhanced its security measures. ‘CPA Canada took immediate steps to secure its systems and conduct a comprehensive analysis to determine what information may have been involved,’ read the statement.

The organization has notified potentially affected individuals directly about the breach. Furthermore, it contacted law enforcement, the Canadian Anti-Fraud Centre, and privacy authorities. ‘Safeguarding the information in our care is one of our most important responsibilities and we sincerely regret any concern this incident may cause,’ CPA Canada President and CEO Joy Thomas said in the release.

Read more: One year of mandatory breach reporting – over 28 million Canadians affected

Victims at risk of targeted phishing scams

The CPA warned the victims that the breach could be used in email phishing scams and encourages those affected to remain vigilant.

‘We encourage individuals to remain vigilant, as always, about any emails, text messages or phone calls you may receive asking you to provide sensitive information or click on links or attachments, or that use urgent or threatening language, even if they appear to come from CPA Canada or an individual or company you know or trust.’

Read more: Marriott data breach is latest major cyberattack

Unfortunately, the recent CPA data breach is only one of numerous attacks on various businesses and organizations including Bell, BioStar 2, Capital One, LifeLabs, and Desjardins that resulted in interference with people’s personal details. In April, Marriott International confirmed its second cyber attack leaving 5.2 million customers with the prospect of identity theft. In late February, the telecommunications company Rogers found out that one of the companies it deals with left a database open compromising the personal information of many customers.