Canada Post notifies customers to change passwords, investigating 2017 incident

Canada Post says there has not been a cyberattack but that it is informing customers so they can protect their privacy

Canada Post is notifying customers it will reset passwords for online accounts while it investigates a report that “some customer information may have been compromised in 2017.”

In an email to customers that was obtained by MobileSyrup, the company confirmed that “there has not been a cyberattack or breach of the Canada Post network,” but that it is just investigating the incident.

The company said in the email that it has determined that login and password credentials were stolen in external privacy breaches unrelated to Canada Post were used to access accounts.

Canada Post said this is possible when users reuse their credentials on several websites for convenience.

“Based on our investigation, we do not believe your information has been compromised, but we are requiring that you reset your password,” the company said in the email.

Canada Post is advising customers to create stronger passwords when changing them. The company also provides a link within the email to be able to change account passwords. Customers can also head to canadapost.ca and when signing in can click ‘Forgot Password’ to begin the reset process.

While the notification is not a breach, Canada Post said in the email that it is the company’s “obligation” to its customers to inform them so their privacy is protected.

“We will be reviewing our policies and procedure to determine how we can continue to improve the security of our online platforms,” the email said.