The AICPA said on Thursday that it was not the victim of a cyberattack, days after an article surfaced online stating that threat actors had bragged on an online forum that they compromised an AICPA database with more than 140,000 emails and corresponding passwords.
The website Cybernews wrote on Tuesday that cyberthieves had attached samples of the data on the online forum as proof of legitimacy.
But in a statement sent to CPA Practice Advisor this morning, the AICPA said, “We became aware of the Cybernews article earlier this week. Our IT incident response team began immediate assessment and testing of the allegedly compromised trove of emails and passwords, enlisting third-party cybersecurity firms as part of that process. We’ve concluded the hacked emails are not connected to AICPA and CIMA. They appear to be from previously disclosed breaches of other, unrelated organizations.
“Unfortunately, hacking scams are increasingly common for organizations large and small. We spend a lot of time investing in our own cybersecurity to keep our members’ data safe and to provide the accounting profession with best practices and resources to support it in this area.”