The organization Chartered Professional Accountants of Canada (CPA) revealed that website CPA Canada violated hackers, allowing unauthorized access to personal data members. Data breaches affect more than 329.000 members and other interested parties.
CRA Canada is a national organization with more than 217.000 members. It is one of the largest national accounting bodies in the world.
The National Accounting Authority was created by the merger of three other Canadian accounting organizations: Society of Management Accountants of Canada (CMA Canada), Canadian Institute of Chartered Accountants (CICA), and Certified General Accountants of Canada (CGA-Canada).
Warning to affected members
"The information involved is mainly related to the distribution of CPA Magazine and includes personal information such as names, addresses, email addresses and the name of the employer," the statement said. infringement.
According to the agency, they have also been exposed passwords and full credit card numbers. However, this information was encrypted.
CPA Canada also contacted them services law enforcement, the Canadian Anti-Fraud Center and the authorities to inform them of the data breach.
"Information retention is one of our most important responsibilities and we sincerely regret any concerns that may be caused by this incident," said CPA Canada President and CEO. Joy Thomas.
According to the organization, the attack on the CRA Canada site and the subsequent data breach were discovered after a Phishing campaign which targeted its members in April.
The agency sent a notice to all its members warning of the current phishing campaign on April 24, 2020.
“We have been notified of suspicious email notifications received by members. The emails they are asking for a change in the CRA Canada password, due to a breach of cpacanada.ca ”, said the notice sent by the organization.
"Members are urged not to follow the instructions of the suspicious emails that encourage the change of the password. access CPA Canada ”.
"CPA Canada continues to monitor the security of its platform and does not deal with anything unusual. In addition, the password reset process access it remains safe, "the statement said.