National accounting organization Chartered Professional Accounts Canada (CPA Canada) has discovered that its website was breached by an unauthorized third party, potentially exposing the personal information of many members.
In a statement, CPA Canada said that immediately after it discovered the breach it worked with cybersecurity experts to secure its systems and conduct a “comprehensive analysis” to determine what sort of information may have been comprised by the attack.
“Safeguarding the information in our care is one of our most important responsibilities and we sincerely regret any concern this incident may cause,” said CPA Canada president and CEO Joy Thomas. “We immediately took steps to contain the incident and secure our systems, undertake a thorough investigation to identify those affected, and then notify them of the incident.”
The investigation revealed that the breach affected more than 329,000 individuals – both members and other stakeholders. The information that was potentially compromised was mainly related to the CPA’s magazine subscription service. Such information included names, addresses, email addresses and employer names. CPA Canada offered assurances that in cases where passwords and full credit card numbers were affected, they were all protected by encryption.
The organization has notified affected individuals of the cyberattack and warned them that the information stolen could be used for the purposes of targeted phishing scams. CPA Canada also maintained that the cyberattack did not affect any of its provincial and regional partners.
CPA Canada also revealed that, in addition to notifying the affected, it has been in contact with the Canadian Anti-Fraud Centre and other privacy authorities.