[BreachExchange] Data breach affects 329,000 CPA stakeholders

Destry Winant destry at riskbasedsecurity.com
Fri Jun 5 10:23:33 EDT 2020


TORONTO — A cyberattack on the Chartered Professional Accountants of
Canada website has affected the personal information of more than
329,000 members and stakeholders, the organization said.

The information includes names, addresses, emails and employer names,
but passwords and credit card numbers were protected by encryption,
CPA Canada said.

It warned the data could be used in email phishing scams and
encouraged those affected to "remain vigilant."

The attack by "unauthorized third parties" occurred between Nov. 30
and May 1, according to an internal investigation carried out with the
help of cybersecurity experts.

The organization said it beefed up its security measures and contacted
the Canadian Anti-Fraud Centre and privacy authorities after learning
of "a possible security incident" the week of April 20.

"Upon discovering this, CPA Canada took immediate steps to secure its
systems and conduct a thorough analysis to determine what information
may have been involved," the group said in an email.

"There is no evidence that the encryption keys were affected in this
incident and we have no reason to believe the encryption was

The personal information relates mainly to the distribution of CPA
Magazine and everyone affected has been notified, the organization

Hacks against a wide range of companies since 2018 have included
medical test laboratory LifeLabs and credit union Desjardins, which
combined saw the theft of the personal information of more than 19
million Canadians.

More information about the BreachExchange mailing list