I don’t think anyone is surprised by strange phone calls with advertising on home and cell phones. Where can callers get the data from? How about telephone numbers and email addresses? Home addresses with surnames and business addresses with company names can be used for a variety of purposes. In combination with the internet black market – the dark internet, the apparent data leak can be very dangerous.

Canada Post has just announced on its website canadapost-postescanada.ca that a malware attack took place targeting one of its vendors, Commport Communications. As a result, Canada Post has informed its 44 large business customers – freight forwarders across the country that there has been a data hack caused by a hacker attack and may affect up to one million people.

Commport Communication is a provider of Electronic Data Interchange (EDI) solutions for Canada Post and manages the shipping data of large packages of business customers. Shipping manifests are used to expedite customer orders. They usually contain contact information of the sender and recipient, which is usually found on shipping labels, so these are the names and addresses of the companies that ship the shipments and the names of the customers who receive them.

According to the post, after an in-depth investigation, no evidence could be found that any financial information could also leak.

Shipping data of 44 business customers – senders, contained information on over 950 thousand private customers – recipients.

The hacker attack collected information about shipments from July 2016 – March 2019.

Canada Post reported that most of the data (97%) contained the names and addresses of customers – recipients. The remaining (3%) data included an email address and / or a telephone number. 3% of the 950,000 people are 28,500.

Canada Post stated that although the breach took place at the supplier’s, it respects the privacy of customers and takes cybersecurity matters very seriously. In November 2020, Commport Communications informed Innovapost, an IT company – a daughter of Canada Post, about a potential problem which was the ransomware that Commport Communication was dealing with and stated that they had no evidence to suggest that any customer data could be hacked at that time.

Canada Post now works with Commport Communications and has also engaged external cybersecurity experts to conduct a thorough investigation and take appropriate steps.

The official statement said that “Canada Post will continue to engage external cyber security experts to conduct additional forensic work and assist in the ongoing investigation with Commport Communications. We have already implemented proactive measures and will continue to take all necessary steps to mitigate the impacts. Canada Post will also incorporate any learnings into our efforts, including the involvement of suppliers, to enhance our cyber security approach which is becoming an increasingly sophisticated issue.”

Photo Credit: Canadapost.ca