A third-party supplier of Canada Post Corporation faced a major data breach giving the attacker 950,000 parcel recipients’ data. This was announced by the state-owned postal service in a press release published on the last week of May 2021. The actual incident happened to Commport Communication, a third-party supplier providing Electronic Data Interchange (EDI) solution on 19th May 2021, and they have reported to Canada Post as soon as they found about the breach. The compromised data belongs to the customers of nearly a 3-year period between July 2016 and March 2019. The Canada Post also informed the customers, including 44 large businesses, that the company had fallen victim to a malware attack.
Exposed Data: For 97% of customers, it was their names and addresses. For the remaining 3%, it was their email address and Phone number.
Canada Post has conducted a thorough forensic investigation and they have confirmed that no evidence of financial data being leaked was found. The company claims that they respect customers’ privacy and takes cybersecurity very seriously. Also added that they regret the difficulty caused to the customers due to the breach.
The Next Step: Canada Post has proactively informed all the clients and been supporting them to carry out the necessary steps. They also informed the office of the privacy commissioner. As per the company, they are now closely engaging with Commport Communications and with external cybersecurity experts to fully investigate the breach and take necessary action.