OTTAWA — Canada Post says it is resetting passwords for all online customer accounts after a report that some personal information may have been compromised.
The postal service says that login names and passwords stolen in privacy breaches elsewhere may have been used to access Canada Post accounts if customers reused their login credentials on multiple sites.
It maintains that the form of access, known as credential stuffing, does not constitute a cyberattack or a breach of the Canada Post system.
- Prospera Place urged to pull the plug on controversial comedian coming to Kelowna
- Merritt father warns others after medical emergency involving his young son
- Alberta train collision near Taber prompts safety reminders amid concerning driver trends
- CBSA says efforts to ‘disrupt extortion networks’ led to 70 removal orders
-
![]()
Deportation hearing continues for alleged senior member of Iranian regime -
![]()
Canada has ‘no intention’ of joining Iran war, was ‘not consulted’ by US, Israel before: McGuinty -
![]()
Health Matters: Tim Hortons recalls thousands of mugs over potential burn hazard -
![]()
BoC holds key interest rate amid war in Iran, says it can only help inflation in long term
Canada Post says the data may have been compromised in 2017, but would not say what kind of personal information could have been taken. It also would not say how many accounts may have been fraudulently accessed.
The postal service says it has hired a third party to further investigate the issue, and it is also reviewing its policies and procedures on how it can strengthen the security of its online platforms.
In a separate incident, Canada Post said last November that someone had used its delivery tracking tool to gain access to personal information of 4,500 customers of the Ontario Cannabis Store but declined to identify the information.
Comments
Want to discuss? Please read our Commenting Policy first.