Canada Post Notifies 44 Large Commercial Customers Of Data Breach
A Detailed Forensic Investigation Showed There Is No Evidence that Any Financial Information Was Leaked.
On Wednesday, Canada Post, a Crown corporation has notified 44 of its large organization clients of a data breach caused by a malware attack on an electronic data interchange (EDI) supplier which affected nearly 1 million recipients.
The attack on Ontario-based Commport Communications compromised the shipping manifest data of the clients. Shipping manifests usually include the sender and receiver contact information that’s found on shipping labels, such as names and addresses.
In this case, the vast majority of the data, 97%, consisted of names and addresses, with 3% including email addresses or phone numbers. The compromised information dates back to July 2016.
According to Canada Post, Commport Communications, the electronic data interchange (EDI) solution supplier used by Canada Post to manage shipping data of business customers, informed the company on May 19 of a data breach caused by a malware attack.
The Crown corporation stated that it has already “implemented proactive measures and will continue to take all necessary steps to mitigate the impacts.”
Canada Post will also incorporate any learnings into our efforts, including the involvement of suppliers, to enhance our cybersecurity approach which is becoming an increasingly sophisticated issue.
As stated by Canada Post, an elaborate official investigation was conducted but “there was no evidence” of any financial information being breached.
Even if the cyberattack happened through Commport Communications, Canada Post declared it sincerely regrets that its customers have been affected. It also said the company respects its client privacy and the cybersecurity matter is something they take very seriously.
We are now working closely with Commport Communications and have engaged external cybersecurity experts to fully investigate and take action.
At the moment, Canada Post is “proactively informing” the affected business clients, while providing the necessary support and information “to help them determine their next steps.“
The company also informed The Office of the Privacy Commissioner of the cyberattack.