ISA is committed to keeping the security community up to date with the latest cybersecurity news.
CPA Canada data breach affects up to 329,000
The Chartered Professional Accountants of Canada (CPA) organization has issued a web posting and news release confirming that a cyberattack against their flagship CPA Canada website provided unauthorized access to the personal information of “over 329,000 individuals, including members and other stakeholders.”
The June 4 news release advised that names, addresses, emails, and employer information were accessed, predominantly from CPA’s mailing list for Pivot, the profession’s bi-monthly magazine. CPA also conceded that more sensitive information like passwords and financial information had been exposed, but was protected by encryption.
CPA Canada confirmed that they had taken immediate steps to contain the incident, secure their systems, and notify the affected individuals. Their bulletin provided a warning that the compromised information could be used to craft phishing or spear phishing attacks, and reminded readers about the importance of staying watchful for malicious emails given the situation. CPA Canada has also been in contact with the RCMP’s Anti-Fraud Centre and appropriate privacy authorities according to provincial and PIPEDA obligations.
The June 3 web posting suggested that the incident may have been connected to an earlier warning that CPA Canada distributed and posted to its membership this spring. In a web posting on April 24, CPA Canada informed users that they had identified potential phishing activity related to the organization’s website and selected CPA members. The phishing emails reportedly appeared to originate from the IT department of the employer of the targeted individual, encouraging them to reset their CPA Canada password due to a supposed breach at cpacanada.ca.
Formed in 2013, CPA Canada was created by the unification of the Certified General Accountants of Canada (CGA Canada), the Society of Management Accountants of Canada (CMA Canada), the Canadian Institute of Chartered Accountants (CICA), and some 40 other accounting bodies throughout Canada and Bermuda. CPA Canada has a membership of over 217,000 accountants, making it one of the largest national accounting associations in the world.
InfoSecurity Magazine publishes 2020 State of Cybersecurity Report
InfoSecurity magazine has released its third annual state of cybersecurity report. The scope of the report has expanded for the third consecutive year, with the 2020 report summarizing observations from 75 academic and industry cybersecurity professionals. Unsurprisingly, COVID-19 figured prominently in the 12-page report, with the pandemic affecting a number of the top trends for 2020.
The effects of COVID-19 ranked as the number one trend in cybersecurity for the year. The pandemic has had wide-ranging impacts on securing home users and rapidly deployed remote workforces, in addition to generating dramatic increases in spoofed websites, phishing attacks, and insurance/benefits fraud. Trend two revolved around cloud technology: with the sudden push to support virtual operations, many companies have had to accelerate their digital transformations to be more agile, innovative and responsive by exploring cloud solutions. Trend three related to artificial intelligence (AI) and machine learning (ML) in the cybersecurity world. The speed, complexity, and volume of cyberattacks have made the scale of digital threats greater than ever, while at the same time, bigger and faster computing resources have given AI and ML the potential to defend against these emerging attack profiles. The fourth trend spoke to “The Human Element” of cybersecurity. While a worldwide lack of skilled technical resources persists, the importance of cybersecurity specialists in modern operations is increasingly being recognized by employers. Further, humans are still seen as a last line of defense against phishing attacks, so continuing education and cyber awareness efforts remain critical. Rounding out the top five is phishing: modern phishing attacks are more sophisticated and professional-looking than ever. “Phishing-as-a-service” operations are widely available on the dark web, with spear phishing and “SMShing” (phishing by text) attacks rising sharply in early 2020 as well.
Compliance, previously a top-five trend in cybersecurity, dropped out of the top five for the first time in the history of the survey.
Google faces $5 billion lawsuit for tracking ‘private’ internet use
According to a Reuters report on June 2, Google LLC is being sued in a proposed class action accusing the internet product and service company of invading the privacy of millions of users by tracking their internet use through browsers set in “private” mode. The $5-billion (US) lawsuit accuses Google of collecting and using data about users’ browsing habits, even if their browsers are set in a so-called “incognito mode”. According to the complaint, Google gathers data through Google Analytics, Google Ad Manager and other applications and website plug-ins, including smartphone apps, regardless of whether users click on Google-supported ads. This data collection covers users’ friends, interests, habits, and the “most intimate and potentially embarrassing things” they search or visit online. The plaintiffs argue that these practices violate both American wiretapping laws and California state privacy laws.
Google, a wholly owned subsidiary of Alphabet Inc., is prepared to “vigorously” defend itself in court. In a prepared statement, Google representative Jose Castaneda responded, “Incognito mode in Chrome gives you the choice to browse the internet without your activity being saved to your browser or device. As we clearly state each time you open a new incognito tab, websites might be able to collect information about your browsing activity during your session.”
The lawsuit seeks $5000 for each user potentially affected over the timeframe of the proposed action (June 1, 2016 to date). The matter is being handled out of the San Francisco office of New York-based law firm Boies Schiller & Flexner.