A breach at Charter Professional Accountants of Canada (CPA Canada) by an unauthorized third party exposed the personal information of 329,000 individuals.

“329,000 professionals are now at risk of sustained attacks, and therefore their clients are at risk,” said Colin Bastable, CEO of Lucy Security. “Accounting firms’ numbers of clients can range from the tens to the hundreds – these clients are where the money is. Expect to see multiple CEO fraud, business email compromise (BEC) fraud, ransomware attacks and ongoing phishing attacks against the accountants and, subsequently, their clients.”

The information involved predominately relates to the distribution of the CPA Magazine and includes personal information such as Names, addresses, email addresses and employer names – largely data associated with the distribution of CPA Magazine – was potentially compromised in a cyberattack on the organization’s website, CPA Canada said in a release.   

“We immediately took steps to contain the incident and secure our systems, undertake a thorough investigation to identify those affected, and then notify them of the incident,” CPA Canada President and CEO Joy Thomas said in a statement, which noted that the organization has since enhanced its security posture.

“One has to ask why they did not take appropriate steps to secure their systems before the attack?” said Bastable. “Attacks cascade and reverberate long after the headlines have faded and the 12 months creit monitoring has ended.”

Paul Bischoff, privacy advocate at Comparitech, warned accountants who belong to CPA Canada to “be on the lookout for targeted phishing and scam emails from cybercriminals posing as clients, employers, and other accountants” and avoid clicking on attachements and links in unsolicited emails. “Always double check email addresses and URLs for correct spelling,” Bischoff. “If you’re not sure whether an email is legitimate or not, reach out to the other party through contact information found elsewhere, such as a web search.”