Canada Post, Canada's primary postal operator, has informed 44 of its large commercial customers that shipping information for their customers has been compromised due to a ransomware attack on a third-party service provider Commport Communications.
Commport Communications is an electronic data interchange (EDI) solution supplier used by Canada Post to manage the shipping manifest data of large parcel business customers.
In a press release on Wednesday Canada Post said that it was informed of a data breach on May 19. The security incident affected shipping manifests for the 44 commercial customers. The impacted shipping manifests contained information relating to just over 950 thousand receiving customers.
The exposed information dates from July 2016 to March 2019 and most of it (97%) contained the name and address of the receiving customer. In some cases the data contained an email address and/or phone number.
The corporation said that there is no evidence that any financial information was compromised.
“We are now working closely with Commport Communications and have engaged external cyber security experts to fully investigate and take action. We are proactively informing the impacted business customers and providing the information and support necessary to help them determine their next steps. As well, the Office of the Privacy Commissioner has been notified,” Canada Post said.