Connect with us

Hi, what are you looking for?

Cyber Security

Canada Post reveals supplier data breach involving shipping information of 950,000 parcel recipients

A cyber-attack on a third-party supplier of Canada Post has resulted in a data breach impacting 950,000 parcel recipients, the state-owned postal service has announced.

In a press release published yesterday (May 26), Canada Post said it had informed 44 “large business customers” that they had potentially been affected by “a malware attack” against Commport Communications, a provider of electronic data interchange (EDI) services.

The supplier notified Canada Post a week earlier, on May 19, “that manifest data held in their systems, which was associated with some Canada Post customers, had been compromised”.

The exposed data, said Canada Post, involves the names and postal addresses of parcel recipients in 97% of cases, with the other 3% comprising an email address and/or phone number.

The shipping information for “just over” 950,000 parcel recipients relates to a nearly three-year period between July 2016 and March 2019.

The ongoing investigation has found “no evidence that any financial information was breached”, added Canada Post.

Canada Post, the country’s largest postal operator, uses Commport Communications’ EDI services to manage shipping manifest data, which includes sender and receiver contact information required for shipping labels, in order to fulfil parcel orders for its business customers.

‘Potential ransomware issue’

Canada Post also referenced “a potential ransomware issue” flagged by Commport Communications to its IT subsidiary, Innovapost, in November 2020. However, this “was investigated with Commport Communications advising there was no evidence to suggest any customer data had been compromised at that time”.

Canada Post said it had notified the Office of the Privacy Commissioner and is “proactively informing the impacted business customers and providing the information and support necessary to help them determine their next steps”.

The postal operator added that it had “already implemented proactive measures and will continue to take all necessary steps to mitigate the impacts.

“Canada Post will also incorporate any learnings into our efforts, including the involvement of suppliers, to enhance our cyber security approach.”

The Daily Swig has contacted Canada Post and Commport Communications with some additional queries. We will update the article should we receive responses.

Source: https://portswigger.net/daily-swig/canada-post-reveals-supplier-data-breach-involving-shipping-information-of-950-000-parcel-recipients

Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *

You May Also Like

Cyber Security

The cyberattack that ultimately led to the breach of several U.S. officials’ email accounts was the result of a China-based threat actor accessing a...

Business News

With a span of 853 meters, the Gordie Howe International bridge linking the US and Canada, will be the longest cable stayed bridge in...

Cyber Security

The well-known watch manufacturing company Seiko disclosed the data breach notification recently on Aug 2023, targeted by the notorious threat group BlackCat/ALPHV. BlackCat/ALPHV Group has been...

Cyber Security

Privileged users typically hold crucial positions within organizations. They usually have elevated access, authority, and permission levels in the organization’s IT systems, networks, applications,...

Copyright © 2023 Newsworthy News | Global | Political | Local | All News | Website By: Top Search SEO