The Chartered Professional Accountants of Canada (CPA) disclosed a security breach that affected over 329,000 members and stakeholders of the association. It is said that unknown hackers compromised the CPA Canada website and obtained information related to the distribution of its magazine. The exposed information includes names, home addresses, email addresses, and other sensitive information. However, CPA clarified that information like passwords and credit card numbers were protected by encryption. “There is no evidence that the encryption keys were affected in this incident and we have no reason to believe the encryption was compromised,” the company said in its security incident report.
According to CPA Canada, the attack by unauthorized third-party members occurred between November 30, 2019 and May 1, 2020. The company warned the compromised data could be used in phishing scams and urged the affected users to remain vigilant. While hackers behind the cyberattack are unknown, CPA Canada stated that it beefed up its security measures and contacted the Canadian Anti-Fraud Centre and privacy authorities for further investigation on the incident.
CPA Canada is the national organization representing the Canadian accounting profession, with over 210,000 chartered professional accountants in Canada and around the world. It conducts research on business issues, supports the setting of accounting, auditing and assurance standards for businesses, non-profits, and the government.
“CPA Canada worked closely with cybersecurity experts to conduct its investigation, to ensure that its systems were promptly secured and to identify what information was involved. In addition to notifying potentially affected individuals directly, we have contacted law enforcement, the Canadian Anti-Fraud Centre, and privacy authorities where applicable,” the company said in a statement.
The statement added, “We encourage individuals to remain vigilant, as always, about any emails, text messages or phone calls you may receive asking you to provide sensitive information or click on links or attachments, or that use urgent or threatening language, even if they appear to come from CPA Canada or an individual or company you know or trust.”
Canadians Refuse to Divulge Personal Data
A survey report from the Canadian Internet Registration Authority (CIRA) revealed that most Canadians refuse to provide their personal information to access free online services. The report “2020 Canadians Deserve a Better Internet Report” disclosed that except online banking services (52%), most Canadians stated that they are unwilling to share their sensitive data for better products and services online. Only 26% of respondents admitted that they are willing to give personal information in return for better video streaming services. Around 23% of Canadians stated that they disclose personal details to use social media services and 15% are willing to share personal data for access to internet-connected devices like baby monitors.