Leading accounting firm MNP hit with cyberattack

A leading accounting firm in Canada forced a company-wide shutdown of their systems after getting hit with a cyberattack last weekend, BleepingComputer has learned.

Canadian accounting firm MNP’s systems were impacted last weekend in what BleepingComputer was told was a ransomware attack.

MNP employees have told BleepingComputer that accountants were sent text messages asking them to bring their laptops into the office to be secured before reconnecting to servers.

MNP has over 80 offices, and employees told us that most were kept offline as the investigation continued. During this period, accountants were told to be on standby to work if and when the systems went back online.

Ultimately, we are told that most of the offices were closed for the entire week and accountants were not able to work.

It was explained to BleepingComputer that MNP accountants are salaried for 37.5 hours a week. Any hours that they work over this number are banked as overtime to be used towards future time off. 

Due to offices being shut down for a week, MNP is deducting approximately 32 hours of banked overtime from affected employees. One employee was concerned that if they go negative on their OT bank due to this hack, they would end up owing MNP instead of getting paid.

One employee that we spoke to was “disgusted” by how MNP handled the situation and thought it was unfair that their banked time should be used because the company got hacked.

In a statement to BleepingComputer, Randy Mowat, Senior Vice President, Marketing, MNP confirmed that they were affected by a cyberattack and had to shut down systems across the firm.

“MNP can confirm that we recently experienced a cyber security incident which affected our systems.  We became aware of this on the morning of April 5, 2020.

We moved quickly to address the incident, shutting down access to our systems across the firm to minimize any impact.  We immediately engaged a team of experts to investigate the incident and we notified law enforcement.  

Our investigation is expected to last several more weeks. Until it is further along, we are not able to determine with certainty the impact, if any, on our clients. Once that investigation is completed, if it has been determined that client information was impacted, we will take the appropriate and immediate steps to communicate directly with them.

We have appreciated the patience of our team members and clients as we worked our way through this and we apologize for any inconvenience.”

When BleepingComputer asked for more details about the attack, including why employees’ banked overtime was being deducted, we were told that they would not be providing further comment.

Companies must treat ransomware attacks like data breaches…

Read The Full Article