Canada Post, the primary postal operator in Canada, has experienced a data breach. According to a press release from Canada Post, the data breach resulted from a malware attack that targeted the postal service’s key supplier. The supplier in question, Commport Communications, notified Canada Post about the breach as soon as they understood the magnitude of the situation.
In its investigation, Canada Post uncovered the following about the data breach:
There is no evidence that any financial information was breached. In all, the impacted shipping manifests for the 44 commercial customers contained information relating to just over 950 thousand receiving customers. After a thorough review of the shipping manifest files, we’ve determined the following:
- The information is from July 2016 to March 2019
- The vast majority (97%) contained the name and address of the receiving customer
- The remainder (3%) contained an email address and/or phone number
The press release states that Canada Post is taking all necessary steps to inform the affected customers. Additionally, Canada Post has contracted third-party experts to handle the extensive forensic work needed to still be completed.
In an attempt to assuage concerns of their competency in handling cybersecurity incidents, Canada Post spoke of a prior incident in 2020. Below is the excerpt of this statement:
While the breach occurred via a supplier, Canada Post respects customer privacy and takes matters of cyber security very seriously. We also sincerely regret the inconvenience this will cause our valued customers. In November 2020, Commport Communications notified Innovapost, Canada Post’s IT subsidiary, of a potential ransomware issue, which was investigated with Commport Communications advising there was no evidence to suggest any customer data had been compromised at that time.
As this is an ongoing investigation, the information is bound to change with the passing days. Any major updates will be shared as they become available.
Featured image: Flickr / Chupacabra Viranesque