TORONTO — A cyberattack on the Chartered Professional Accountants of Canada website has affected the personal information of more than 329,000 members and stakeholders, the organization said.
The information includes names, addresses, emails and employer names, but passwords and credit card numbers were protected by encryption, CPA Canada said.
It warned the data could be used in email phishing scams and encouraged those affected to "remain vigilant."
The attack by "unauthorized third parties" occurred between Nov. 30 and May 1, according to an internal investigation carried out with the help of cybersecurity experts.
The organization said it beefed up its security measures and contacted the Canadian Anti-Fraud Centre and privacy authorities after learning of "a possible security incident" the week of April 20.
"Upon discovering this, CPA Canada took immediate steps to secure its systems and conduct a thorough analysis to determine what information may have been involved," the group said in an email.
"There is no evidence that the encryption keys were affected in this incident and we have no reason to believe the encryption was compromised."
The personal information relates mainly to the distribution of CPA Magazine and everyone affected has been notified, the organization said.
Hacks against a wide range of companies since 2018 have included medical test laboratory LifeLabs and credit union Desjardins, which combined saw the theft of the personal information of more than 19 million Canadians.
This report by The Canadian Press was first published June 4, 2020.