Canada Post discloses data breach following malware attack on supplier

The postal agency says the information of more than 950,000 mail recipients has been compromised

Canada Post has notified 44 of its large business customers that information relating to more than 950,000 customers has been compromised.

The data breach was caused by a malware attack on one of its suppliers, Commport Communications. The company notified Canada Post that manifest data held in their systems, which was associated with some Canada Post customers, had been compromised on May 19th.

Commport Communications is an electronic data interchange (EDI) solution supplier used by Canada Post to manage the shipping manifest data of large parcel business customers.

Shipping manifests are used to fulfill customer orders and typically include sender and receiver contact information.

Canada Post notes that there is no evidence that any financial information was breached. The information is from July 2016 to March 2019 and the vast majority contained the name and address of the receiving customer. Three percent contained an email address and/or phone number.

The postal agency says it’s notifying affected business customers are being notified and providing them with information regarding next steps.

Canada Post notes that it will engage external cybersecurity experts to conduct additional forensic work and that the Office of the Privacy Commissioner has been notified.