Data Breach in Canada Post, 950,000 People Affected
June 7, 2021
19         0

by Snigdh Baunthiyal

Data Breach Affects Corporate and Private customers

Canada Post experienced a data breach after a ransomware attack on one of its suppliers in May. The attack on Commport Communications, an electronic data interchange supplier, has impacted 44 of Canada Post’s biggest corporate customers, and up to 950,000 people. 

Commport manages the shipping manifest data of large-parcel business customers. These shipping manifests are used to fulfil customer orders and include sender and receiver information typically found on shipping labels, such as names and addresses. In its statement, Canada Post said that the cyberattack on May 19 “compromised” information on shipments between 2016 and 2019. 97 per cent of the stolen information included names and addresses, while the remaining 3 per cent involved phone numbers and/or email addresses. No financial information was accessed, according to Canada Post. 

What happens now?
The postal service is now working with Commport and has engaged external cybersecurity experts to investigate the situation and take relevant action. They have also proactively informed the impacted customers and have provided information and support to help them “determine next steps”.

Additionally, Canada Post stated that The Office of the Privacy Commissioner has also been notified. Canada Post has said that they “sincerely regret” the inconvenience to the customers and that they take cybersecurity “very seriously”.

“Canada Post will also incorporate any learnings into our efforts, including the involvement of suppliers, to enhance our cybersecurity approach which is becoming an increasingly sophisticated issue,” the agency said. 

According to multiple reports, last November, Commport Communications notified Innovapost, the IT subsidiary of Canada Post, of a potential ransomware issue. An investigation found no evidence to suggest any customer data had been compromised.

Data breach is a growing risk

Multiple experts have warned that data breach is a growing risk and organisations really need to step up to protect their data. The most recent data breach of Facebook has exposed the personal data of 533 Million users. The data exposed included phone numbers, DOB, locations, past locations, full name, and in some cases, email addresses. Chartered Professional Accountants of Canada (CPA) experienced a cyberattack early in the month that allowed unauthorized third parties to gain access to the personal information of over 329,000 members and stakeholders. The stolen information was mostly related to the distribution of the CPA Canada magazine and included personal data such as names, addresses, email addresses, and employer information. 

In its 2020 report, the Canadian Internet Registration Authority had criticized organizations’ ability to manage and protect their data and had highlighted the following:

  • Fewer organizations expect to increase human resources dedicated to cybersecurity in the next 12 months with one-third planning to do so, down from 45 per cent in 2019.  
  • About three in 10 organizations have seen a spike in the volume of attacks during the pandemic. 
  •  Slightly more than half of the organisations implemented new cybersecurity protections directly in response to COVID-19. 
  • One-quarter of organisations experienced a breach of customer and/or employee data last year. Another 38 perc ent did not know if they had or not. 
  • Organisations were less likely than in 2019 to inform a regulatory body of a data breach, with only 36 perc ent doing so compared to 58 per cent in 2019.
  • Decision makers are divided in their concern about changes to PIPEDA, with 54 per cent saying they are concerned. 
subscribe for YouMedia Newsletter

Leave a Reply

Your email address will not be published. Required fields are marked *

subscribe for YouMedia Newsletter