Exploit: Phishing
Chartered Professional Accountants of Canada: Professional Membership Organization

Risk to Small Business: 1.317 = Severe 

The organization recently disclosed that personal information for its members had been compromised following a successful phishing attack in April. CPA Canada announced the results of its completed investigation, determining that the compromised information primarily affected subscribers of its CPA Canada magazine and an indeterminate number of website users. Impacted members were sent a phishing email asking them to change their user information on the organization’s online platform.

Individual Risk: 2.238 = Moderate 

The security alert sent to all users of the CPA Canada website or magazine subscribers notes that members should be wary of spear phishing emails using industry-specific details from CPA Canada and change their login credentials on the website as a safety precaution.

Customers Impacted: 329,000

How it Could Affect Your Customers’ Business: A data breach caused by a human error like phishing is a sign to an organization’s membership that it doesn’t take those members’ information security seriously, making it harder to retain members and sell professional resources.

Source:
https://www.bleepingcomputer.com/news/security/cpa-canada-discloses-data-breach-affecting-329-000-individuals/?&web_view=true