Canada Post has announced that more than 950,000 customers were potentially exposed in a data breach attack on one of its suppliers, according to Canadian Underwriter.
The Crown agency says it was informed by Commport Communications earlier this month that the manifest data held in their systems were compromised by a malware attack.
The attack affected shipping manifests for 44 of Canada Post’s large business customers and included information related to nearly one million receiving customers.
After a detailed forensic investigation, Canada Post says there was no evidence that any financial information was breached between July 2016 and March 2019.
It says 97% of the affected records contained the name and address of the receiving customer, while the rest contained an email address and/or phone number.
The supplier, Commport, also notified Innovapost, Canada Post’s IT subsidiary last November of a potential ransomware issue but said there was no evidence that customer data had been compromised.
External cybersecurity experts have been hired to investigate and take action and the Office of the Privacy Commissioner has been notified.