Shipping data from 44 of Canada Post’s large commercial clients – including information related to nearly a million receiving customers – was compromised in a recent malware attack on one of the Crown corporation’s suppliers.
Commport Communications, based in Aurora, Ont., notified Canada Post on May 19 about the attack on its system. Commport is an “electronic data interchange solution supplier,” according to Canada Post, which uses the company to manage the manifest data of large parcel business customers.
The breached data was dated from July 2016 to March 2019, with the majority of it – 97 per cent – containing the receiving customer’s name and address (and the remainder having the customer’s email address, phone number or both). On May 26, Canada Post issued a statement saying a “detailed forensic investigation” found “no evidence that any financial information was breached.”
Now working with external cybersecurity experts for further investigation, the Crown corporation also notified the Office of the Privacy Commissioner.