On June 4th, the Chartered Professional Accountants of Canada (CPA Canada) notified individuals of a data security incident affecting personal information held by the organization. The breach affects 329,000 individuals. The compromised information relates to the distribution of the CPA Magazine and includes personal information such as names, addresses, email addresses and employer names. Any passwords or credit card numbers affected were protected by encryption.
The breach occurred between Nov. 30 and May 1, according to an internal investigation carried out with the help of cyber security experts. The organization has since beefed up its security measures and contacted the Canadian Anti-Fraud Centre and privacy authorities after learning of “a possible security incident” the week of April 20. CPA Canada says, “There is no evidence that the encryption keys were affected in this incident and we have no reason to believe the encryption was compromised.”
Even though passwords and credit card information was encrypted, CPA Canada warned members that their information could be used in phishing campaigns: “CPA Canada is encouraging affected individuals to remain vigilant about any emails they may receive asking them to provide sensitive information or click on links or attachments, even if they appear to come from CPA Canada or an individual or company they know or trust.”
The above situation shows why a phishing awareness campaign is important for every member of your organization. Cyber security isn’t just an IT responsibility. In fact, finance workers in an organization often hold the “keys to the kingdom” when it comes to corporate financial information. Similar to the fraud that befell Barbara Corcoran, when a phishing email sent to the bookkeeper almost cost her $380,000. Expect a huge wave of phishing emails targeting Canadian Financial executives to commence. Contact Uzado today to learn more about our phishing awareness program. 