article featured image


On Wednesday, Canada Post, a Crown corporation has notified 44 of its large organization clients of a data breach caused by a malware attack on an electronic data interchange (EDI) supplier which affected nearly 1 million recipients.

Canada Post headquarters in Ottawa

Source: Wikipedia

The attack on Ontario-based Commport Communications compromised the shipping manifest data of the clients. Shipping manifests usually include the sender and receiver contact information that’s found on shipping labels, such as names and addresses.

In this case, the vast majority of the data, 97%, consisted of names and addresses, with 3% including email addresses or phone numbers. The compromised information dates back to July 2016.

According to Canada Post, Commport Communications, the electronic data interchange (EDI) solution supplier used by Canada Post to manage shipping data of business customers, informed the company on May 19 of a data breach caused by a malware attack.

The Crown corporation stated that it has already “implemented proactive measures and will continue to take all necessary steps to mitigate the impacts.”

Canada Post will also incorporate any learnings into our efforts, including the involvement of suppliers, to enhance our cybersecurity approach which is becoming an increasingly sophisticated issue.


As stated by Canada Post, an elaborate official investigation was conducted but “there was no evidence” of any financial information being breached.

Even if the cyberattack happened through Commport Communications, Canada Post declared it sincerely regrets that its customers have been affected. It also said the company respects its client privacy and the cybersecurity matter is something they take very seriously.

We are now working closely with Commport Communications and have engaged external cybersecurity experts to fully investigate and take action.


At the moment, Canada Post is “proactively informing” the affected business clients, while providing the necessary support and information “to help them determine their next steps.“

The company also informed The Office of the Privacy Commissioner of the cyberattack.

Author Profile

Antonia Din

PR & Video Content Manager

linkedin icon

As a Senior Content Writer and Video Content Creator specializing in cybersecurity, I leverage digital media to unravel and clarify complex cybersecurity concepts and emerging trends. With my extensive knowledge in the field, I create content that engages a diverse audience, from cybersecurity novices to experienced experts. My approach is to create a nexus of understanding, taking technical security topics and transforming them into accessible, relatable knowledge for anyone interested in strengthening their security posture.

Leave a Reply

Your email address will not be published. Required fields are marked *