The attackers successfully copied the shipping manifests of 44 of the post office’s business users, resulting in the theft of data from just over 950,000 senders and recipients. Canada Post said after a full review of the shipping manifests, it concluded that 97% of the data contained only the name and address of the receiving customer. The remaining 3% of the data contained an email address or phone number.
Canada Post said it was initially made aware of a possible data breach issue last November. At that time, the Post notified its IT subsidiary Innovapost of a “potential ransomware problem”. Additionally, during this time, Commport said it found no evidence to suggest that customer data had been compromised.
But in its recent statement, Canada Post said it was informed last week by Commport that manifest data from July 2016 to March 2019 had been compromised by cyber attackers.
IT World Canada reported that the attack was likely the work of the Lorenz ransomware group. Cyber security firm Emsisoft noted that Commport Communications was listed on Lorenz’s breach website, which claimed to have posted copies of allegedly stolen files on December 20, 2020.
BleepingComputer spoke with a researcher who said Lorenz was a relatively new ransomware group, only emerging in April. However, Emsisoft noted that Lorenz’s code is based on another ransomware, ThunderCrypt, leading experts to believe Lorenz is a new brand of ThunderCrypt instead of a separate group.