Breach Notification , Fraud Management & Cybercrime , Ransomware

Canada Post: Breach Affects 1 Million

Ransomware Attack on Vendor Exposed Data
Canada Post: Breach Affects 1 Million

Canada Post, the nation's primary postal operator, reports that personal information on almost 1 million of its customers was compromised when one of its vendors suffered a ransomware attack last year.

See Also: NHS Ransomware Attack: Healthcare Industry Infrastructures Are Critical

Commport Communications, which manages shipping manifest data for Canada Post, on May 19 informed the postal service it had suffered a data loss from a ransomware attack last year. When it originally reported the attack in November 2020, Commport reported that no data had been compromised.

Aurora, Ontario-based Commport Communications is an electronic data interchange solutions provider that handles shipping manifests for 44 of Canada Post's postal service commercial customers. Its compromised system contained information on more than 950,000 individual postal customers.

"Shipping manifests are used to fulfill customer orders. They typically include sender and receiver contact information that you would find on shipping labels, such as the names and addresses of the business sending the item and the customer receiving it," Canada Post says in a statement on the breach.

Information that was exposed was from the period of July 2016 to March 2019. About 97% of the exposed records contained the name and address of the receiving customer, with the remaining 3% adding an email address or telephone number, Canada Post says.

Commport Communications did not immediately respond to a request for additional information.

The Investigation

Canada Post says a detailed forensic investigation into the 2020 event did not find any evidence that any financial information had been breached. But it notes that the investigation is continuing.

"We are now working closely with Commport Communications and have engaged external cybersecurity experts to fully investigate and take action," Canada Post says. "We are proactively informing the impacted business customers and providing the information and support necessary to help them determine their next steps. As well, the Office of the Privacy Commissioner has been notified."

Canada Post says it has implemented cybersecurity measures and will continue to take all necessary steps to mitigate the impact of the breach.

About the Author

Doug Olenick

Doug Olenick

Former News Editor, ISMG

Olenick has covered the cybersecurity and computer technology sectors for more than 25 years. Prior to his stint as ISMG as news editor, Olenick was online editor for SC Media, where he covered every aspect of the cybersecurity industry and managed the brand's online presence. Earlier, he worked at TWICE - This Week in Consumer Electronics - for 15 years. He also has contributed to, TheStreet and Mainstreet.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.