Rights & Money

Cyberattack Hits Canadian Accountants’ Organization

Stolen names and addresses could be used in attempts to get more personal data

By Erika Morris


The Chartered Professional Accountants of Canada has notified more than 329,000 members and stakeholders that some of their personal data was compromised in a cyberattack. In a press release, CPA Canada said the information was acquired by “unauthorized third parties” between November 30, 2019, and May 1, 2020

“We immediately took steps to contain the incident and secure our systems, undertake a thorough investigation to identify those affected, and then notify them of the incident,” Joy Thomas, president and CEO of CPA Canada, said in the release.

The information collected relates mainly to the distribution of CPA Magazine. The organization also notified the Canadian Anti-Fraud Centre and privacy authorities.

The information taken included names, addresses, e-mails, and employer names, but passwords and credit card numbers were protected by encryption.

Because the data stolen could be used in phishing attempts, CPA Canada warned “affected individuals to remain vigilant about any e-mails they may receive asking them to provide sensitive information or click on links or attachments, even if they appear to come from CPA Canada or an individual or company they know or trust.”

“CPA Canada has further enhanced its security measures since it learned of this event,” said the organization’s statement. “CPA Canada is committed to continuing to explore additional opportunities to further strengthen our cybersecurity program.”

One of the largest national accounting organizations in the world, CPA Canada promotes the setting of accounting, auditing, and assurance standards while offering services such as research and educational programs.

Photo: iStock/GOCMEN.