Table of Contents
Canada Posts, the state-owned postal service, has announced a data breach affecting 950,000 parcel recipients as the result of a cyber attack on a third-party provider.
As the country’s largest postal service, Canada Post is a Crown corporation; therefore, it aroused a lot of discontent among the people.
A Canadian Post press release by May 26 announced that 44 “major business customers” are suspected of being compromised by “an ongoing malware assault” aimed at Comport Communications, a provider of electronic data interchange services (EDI).
The root cause of the breach
Canada Post learned about the compromise on May 19 when the supplier informed the company that “manifest data housed in their systems, which was linked to Canada Post customers, had been compromised.”
Approximately 97% of the affected data consisted of recipient names and addresses and was compromised between July 2016 and March 2019. The firm reported that 3% of the records contained email addresses or phone numbers.
According to a statement, the Crown corporation has already “taken measures to minimize the repercussions” and will do everything possible to do so moving forward.
In addition, Canada Post will utilize any learned lessons in order to enhance its cybersecurity strategy, which is becoming an increasingly sophisticated issue, the statement continued.
Small corporations and even larger ones and government sectors are becoming more and more vulnerable to cyber attacks.
The investigation of Canada posts
An in-depth forensic investigation was conducted by Canada Post, but it did not uncover any evidence that financial information had been compromised.
Canada Post promised on Wednesday that, in spite of the breach being the fault of a supplier, the company apologizes “sincerely” for any inconvenience the incident has caused. We take matters of customer privacy and cyber security very seriously at Canada Post.”
In addition to supporting Commport Communications, we have engaged external cyber attacks specialists for a full investigation and take-action plan, the company announced.
Affected business clients have been alerted, and Canada Post is providing relevant information and support to assist them in making future decisions. “The Office of the Privacy Commissioner has been informed,” Canada Posts said.
The Canadian Post published a report in November 2020 on Comport Communications’ potential ransomware issue reported to the company’s IT department, Innova post.
Despite that, according to the report, “Comport Communications advised no evidence indicated customer data was breached when it was first reported.”