The Association of Professional Engineers and Geoscientists (APEGA) had a wake-up call last week, when hackers “phished” the e-mail of chief executive officer Mark Flint.
As a result, information about members was passed on to an unknown third party. Although APEGA called the release a “significant” breach when it first discovered what had happened on the morning of Monday, September 21, its database was not hacked and no credit card or password information was released.
Phishing involves a hacker managing to impersonate someone by e-mail. The third party phished Flint’s e-mail, posing as him to request the member information.
Flint personally apologized for any inconvenience to the 75,000 members in a video announcement. The names of the members were already published, but private e-mails were also released. The members also have to reset their passwords to use the self-service centre, which is used for paying dues, updating personal information, etc.
The association immediately reported the breach to the Edmonton Police Service and the Alberta Privacy Commission, and it has also asked independent experts to investigate.
Philip Mulder, head of communications with APEGA, says the association is treating what happened as a learning experience rather than looking to blame anyone. The association set up a temporary call centre, with people to answer inquiries over the past weekend. It has also already changed its internal policies so that any future release of information has to have verbal approval from senior managers, rather than e-mail approvals.