Fraud Management & Cybercrime
Ransomware Attack on Vendor Exposed Data
Canada Post, the nation’s primary postal operator, reports that personal information on almost 1 million of its customers was compromised when one of its vendors suffered a ransomware attack last year.
See Also: Cyberwarfare Requires Speed, Adaptability and Visibility to Win: Enterprises Must Close the IT Operations and Security Gap
Commport Communications, which manages shipping manifest data for Canada Post, on May 19 informed the postal service it had suffered a data loss from a ransomware attack last year. When it originally reported the attack in November 2020, Commport reported that no data had been compromised.
Aurora, Ontario-based Commport Communications is an electronic data interchange solutions provider that handles shipping manifests for 44 of Canada Post’s postal service commercial customers. Its compromised system contained information on more than 950,000 individual postal customers.
“Shipping manifests are used to fulfill customer orders. They typically include sender and receiver contact information that you would find on shipping labels, such as the names and addresses of the business sending the item and the customer receiving it,” Canada Post says in a statement on the breach.
Information that was exposed was from the period of July 2016 to March 2019. About 97% of the exposed records contained the name and address of the receiving customer, with the remaining 3% adding an email address or telephone number, Canada Post…