The primary postal operator has confirmed that a cyber attack on a third-party supplier of Canada Post has resulted in a data breach impacting 950,000 parcel recipients. 

The breach occured after Commport Communications, an electronic data exchange solution supplier used by the corporation, had been targeted by a malware attack.

In a statement on May 26, Canada Post said it had been told on May 19 by Commport Communication that it had suffered a data breach. The data stolen related to shipping manifest data which was held in their systems. 

”Shipping manifests are used to fulfill customer orders. They typically include sender and receiver contact information that you would find on shipping labels, such as the names and addresses of the business sending the item and the customer receiving it,” said Canada Post.

Following a detailed forensic investigation, it was found that the shipping manifests for 44 commercial customers - containing information related to over 950,000 customers had been compromised. 

There was no evidence to show that any financial information was breached.

The exposed data covered July 2016 to March 2019, with 97% of the records consisting of names and addresses of receiving customers, whilst the remainder (3%) consisted of email addresses and/or phone numbers.

“We are now working closely with Commport Communications and have engaged external cybersecurity experts to fully investigate and take action.”

PrivSec Global

To learn more about better cybersecurity practices and third party risk management tune into these talks at PrivSec Global:

  • Internal Threats: Top Threats to your IT Security and how to Address Them - June 22, 7am
  • Preparing Your Organisation for the Quantum Computing Revolution and the Data Protection/Security Challenges - June 22, 3pm
  • Third Party Risk Management: Cybersecurity Expertise into Board Governance and a Company’s Digital Defense - June 23, 7am