Advertisement

Canada Post reports data breach to 44 large businesses, 950K customers affected

Canada Post mailboxes . THE CANADIAN PRESS IMAGES/Lars Hagberg

A malware attack on one of Canada Post’s suppliers has caused a data breach affecting 44 of the company’s large business clients and their 950,000 receiving customers, the postal agency confirmed Wednesday.

It said the information affected is from July 2016 to March 2019, and 97 per cent of it comprised the names and addresses of receiving customers. The remaining three per cent contained email addresses and/or phone numbers, the company said.

“In all, the impacted shipping manifests for the 44 commercial customers contained information relating to just over 950,000 receiving customers,” Canada Post said in an email to Global News.

The Crown corporation said it has already “implemented proactive measures and will continue to take all necessary steps to mitigate the impacts.”

Story continues below advertisement

“Canada Post will also incorporate any learnings into our efforts, including the involvement of suppliers, to enhance our cybersecurity approach which is becoming an increasingly sophisticated issue,” the statement said.

For news impacting Canada and around the world, sign up for breaking news alerts delivered directly to you when they happen.

Get breaking National news

For news impacting Canada and around the world, sign up for breaking news alerts delivered directly to you when they happen.
By providing your email address, you have read and agree to Global News' Terms and Conditions and Privacy Policy.

On May 19, Commport Communications — an electronic data interchange (EDI) solution supplier used by Canada Post to manage shipping data of business customers — informed the company that certain data associated with some of their customers had been compromised.

According to Canada Post, a detailed forensic investigation was carried but “there was no evidence” of any financial information being breached.

Click to play video: '80 employees self-isolating after COVID-19 outbreak at Mississauga Canada Post facility'
80 employees self-isolating after COVID-19 outbreak at Mississauga Canada Post facility

Though the breach occurred via a supplier, Canada Post said they “sincerely regret the inconvenience this will cause our valued customers,” in a statement Wednesday.

“Canada Post respects customer privacy and takes matters of cybersecurity very seriously,” it said.

Story continues below advertisement

“We are now working closely with Commport Communications and have engaged external cybersecurity experts to fully investigate and take action,” the company said.

Currently, the postal agency is “proactively informing” the impacted business customers, while providing the necessary support and information “to help them determine their next steps.”

“The Office of the Privacy Commissioner has been notified,” Canada Post said.

In November 2020, Commport Communications had notified Innovapost, the IT subsidiary of Canada Post, of a potential ransomware issue. The matter was investigated and Commport Communications had advised at the time that there was no evidence to suggest any customer data had been compromised.

Sponsored content

AdChoices