Waterloo Brewing says it has lost millions in a social engineering cyberattack.
In a release, the Kitchener firm announced that the attack occurred in early November and has not yet recovered any of the $2.1 million stolen.
The company says the money was wired to a fraudulent third-party account.
Waterloo Brewing says it is working to recover the missing money but there is no guarantee it will get it back.
It says it has hired an independent IT services provider to investigate the company’s systems and is also working with its auditors and bank to ensure that appropriate steps have been taken to mitigate the chance of any future occurrences of similar cyberattacks.
Waterloo Brewing says it became aware of the attack this week before it notified local police services as well as the Financial Transactions and Reports Analysis Centre of Canada (FINTRAC) and the United States’ Finance Crimes and Enforcement Network (FinCen).
A spokesperson for the Waterloo Regional Police confirmed that they are aware of the attack and are investigating.
“As cybercrimes continue to evolve we see new threats surfacing each year,” police spokesperson Cherri Greeno told Global News. “Some of these include social engineering, ransomware, hacktivists, as well as sophisticated network compromises.”
Waterloo Brewing is the province’s largest Canadian-owned brewery and was also the first craft brewer to set up shop in Ontario.
The brewery is just the latest to fall for online schemes where fraudsters impersonate actual employees to ask for money transfers.
MacEwan University in Alberta lost $11.8 million in 2017 after fraudsters impersonated a vendor and asked the university to transfer accounts payable to a new bank account.
This past April, the City of Ottawa treasurer transferred nearly US$100,000 to a fake supplier after scammers posed as the city manager.
The Canadian Anti-Fraud Centre recommends employees know how to verify requests for money before making payments.
— With files from The Canadian Press