P2020-ND-048

Canadian Physiotherapy Association

On October 24, 2019, the Organization learned that it was the victim of a social engineering and phishing attack when a vendor followed up regarding payment of an invoice. The Organization discovered a wire transfer had been made to a threat actor posing as the vendor. On November 21, 2019, following an investigation, the Organization learned that there had been an intrusion into two employee inboxes. The suspected point of entry was a phishing email likely received by the employees. The Organization reported it is possible that the threat actors exfiltrated the contents of one of the inboxes, although there is no evidence indicating the threat actor has misused any of the personal information to which it may have access. The incident occurred between October 2, 2019 and November 26, 2019.

File Type: pdf
Categories: 2020
Tags: Unauthorized disclosure