It was confirmed Wednesday, May 26th, 2021, that a malware attack took place against one of Canada Post’s largest suppliers, impacting 44 of their biggest corporate customers, and leaking the information of 950,000 Canadians, potentially more.
The attack was against Canada Post supplier, Commport Communications, an electronic data interchange supplier. They manage the shipping manifest data of large parcel business customers for Canadas national mail carrier and have access to the shipping information of these customers.
Upon further forensic investigation, there is no evidence of financial information being breached. Canada Post says 97% of the information taken were names and addresses, and 3% were phone numbers and emails. The data breached dated between July 2016, and March 2019.
Canada Post has had multiple allegations arise in the last few years involving data breaches. A similar situation took place late last year where personal and financial information was breached, and Canada Post withheld information about the incident, further compromising the lives of the individuals affected. The company and the government failed to take reasonable steps when they knew cybersecurity incidences were taking place. This led to a class-action lawsuit against the company. In the event of a privacy breach, an organization can be sued for negligence, breach of confidence, breach of contract, or breach of fiduciary duty.
In this case, external cybersecurity experts are fully investigating and acting against the attack. The Canada Post is proactively informing the impacted customers of the situation and is looking to increase their efforts of enhancing their cybersecurity approach “which is becoming an increasingly sophisticated issue” the company says. Canada Post said they respect customer privacy and take matters of cybersecurity very seriously.