Canada Post Notifies 44 Major Corporate Customers of Supplier Data Breach Involving Shipping Information

OTTAWA, May 26, 2021 / CNW / – Canada Post has notified 44 of its large corporate customers of a data breach caused by a malware attack on one of our vendors, Commport Communications. The supplier notified Canada Post at the end of last week (the May 19) that manifest data in their systems, which was associated with certain Canada Post customers, had been compromised.

Commport Communications is an electronic data interchange (EDI) solutions provider used by Canada Post to manage shipping manifest data for commercial large parcel customers. Shipping manifests are used to fulfill customer orders. They usually include the sender and receiver contact information you will find on shipping labels, such as the names and addresses of the company sending the item and the customer receiving it.

After a detailed forensic investigation, there is no indication that any financial information was breached. In total, the affected shipping manifests for the 44 business customers contained information relating to just over 950,000 recipient customers. After a thorough review of the shipping manifest files, we have determined the following:

  • The information comes from July 2016 at March 2019
  • The vast majority (97%) contained the name and address of the receiving customer
  • The rest (3%) contained an email address and / or phone number

Although the breach occurred through a vendor, Canada Post respects customer privacy and takes cybersecurity issues very seriously. We also sincerely regret the inconvenience caused to our valued customers. In November 2020, Commport Communications notified Innovapost, the IT subsidiary of Canada Post, of a potential ransomware issue, which was investigated with Commport Communications advising that there was no evidence to suggest that data from customers had been compromised by that time.

We are currently working closely with Commport Communications and have engaged external cybersecurity experts to conduct a thorough investigation and take action. We proactively educate affected business customers and provide them with the information and support they need to help them determine their next steps. In addition, the Office of the Privacy Commissioner has been notified.

Canada Post will continue to engage external cybersecurity experts to perform additional forensic work and participate in the ongoing investigation with Commport Communications. We have already implemented proactive measures and will continue to take all necessary measures to mitigate the impacts. Canada Post will also incorporate any learning into its efforts, including supplier involvement, to improve our approach to cybersecurity, which is becoming an increasingly sophisticated issue.

SOURCE Canada Post

For further information: Media Relations, 613-734-8888, [email protected]

Related links

Previous 2021 Global Temporary Auto Insurance Market Report on
Next Avoiding Economic Devastation Caused by Billion-Dollar New York Consumer Energy Debt