Canada Post customers potentially exposed to supplier data breach

OTTAWA — Canada Post says more than 950,000 customers were potentially exposed in a data breach attack on one of its suppliers.

Image: Canada Post

The Crown agency says it was informed by Commport Communications earlier this month that the manifest data held in their systems was compromised by a malware attack.

The attack affected shipping manifests for 44 of Canada Post’s large business customers and included information related to nearly one million receiving customers.

Canada Post says, that after a detailed forensic investigation, there was no evidence that any financial information was breached between July 2016 and March 2019.

It says 97 per cent of the affected records contained the name and address of the receiving customer, while the rest contained an email address and/or phone number.

Commport also notified Innovapost, Canada Post’s IT subsidiary last November of a potential ransomware issue, but said there was no evidence that customer data had been compromised.

External cybersecurity experts have been hired to investigate and take action while the Office of the Privacy Commissioner has been notified.