Ottawa – Canada Post has informed 44 of its large business customers of a data breach caused by a malware attack on one of their suppliers, Commport Communications. The supplier notified Canada Post late last week (on May 19) that manifest data held in their systems, which was associated with some Canada Post customers, had been compromised.
Commport Communications is an electronic data interchange (EDI) solution supplier used by Canada Post to manage the shipping manifest data of large parcel business customers. Shipping manifests are used to fulfill customer orders. They typically include sender and receiver contact information that you would find on shipping labels, such as the names and addresses of the business sending the item and the customer receiving it.
After a detailed forensic investigation, there is no evidence that any financial information was breached. In all, the impacted shipping manifests for the 44 commercial customers contained information relating to just over 950 thousand receiving customers. After a thorough review of the shipping manifest files, they’ve determined the following:
- The information is from July 2016 to March 2019
- The vast majority (97%) contained the name and address of the receiving customer
- The remainder (3%) contained an email address and/or phone number
“The Office of the Privacy Commissioner has been notified,” Canada Post said.