Canada Post informs 44 large business customers of supplier data breach

Canada Post has informed 44 of its large business customers of a data breach caused by a malware attack on one of their suppliers, Commport Communications.

The supplier notified Canada Post on May 19 that manifest data held in their systems, which was associated with some Canada Post customers, had been compromised.

Commport Communications is an electronic data interchange (EDI) solution supplier used by Canada Post to manage the shipping manifest data of large parcel business customers. Shipping manifests are used to fulfill customer orders. They typically include sender and receiver contact information that you would find on shipping labels, such as the names and addresses of the business sending the item and the customer receiving it.

After a detailed forensic investigation, there is no evidence that any financial information was breached. In all, the impacted shipping manifests for the 44 commercial customers contained information relating to just over 950 thousand receiving customers.

After a  review of the shipping manifest files, Canada Post has determined the following:

• The information is from July 2016 to March 2019
• The vast majority (97 per cent) contained the name and address of the receiving customer
• The remainder (3 per cent) contained an email address and/or phone number

Canada Post said in a statement that it will continue to engage external cyber security experts to conduct additional forensic work and assist in the ongoing investigation with Commport Communications.