29th May 2021, Kathmandu
Canada Post data breach affected 44 large businesses and their 950,000 customers. Commport Communications provided the information about the breach to Canada Post.
A data breach occurred when a malware attack on one of Canada Post’s suppliers took place. It affected 44 of the company’s large business clients and their 950,000 receiving customers.
Canada Post Corporation, the crown corporation functions as the primary postal operator in Canada. The crown corporation sets a new direction for the postal service by ensuring the postal service’s financial security and independence. They provide two types of services: Personal and Business services. Personal services include sending, receiving, money and government services, collectible stamps, and coins. Such business services include shipping, marketing, e-commerce, small business, and postal services.
Details of the attack
Commport Communications, an electronic data interchange solution supplier, notified them about the attack. The Data compromised was Manifest data held in their systems associated with Canada Post customers. Canada Post uses Commport Communications to manage the shipping manifest data of large parcel business customers.
The Crown Corporation already implemented proactive measures. It will continue to take all necessary steps to decrease or control the impacts.
There’s no evidence of any financial information being breached through a detailed forensic investigation. About 97 percent of the information affected comprised the names and addresses of receiving customers from July 2016 to March 2019. However, the rest 3 percent contained email addresses and/or phone numbers.
Canada Post said that they are working closely with Commport Communications. Although, they engaged external cybersecurity experts to investigate and take action fully.
The postal service proactively informed impacted business customers. Similarly, they provided the information and support to help them determine the next steps. In addition, Canada Post has notified The Office of the Privacy Commissioner.
Commport Communications notified Innovapost in November 2020. Though, the IT subsidiary of Canada Post, known as Innovapost, is of a potential ransomware issue. Commport Communications have investigated at the time but also advised there’s no evidence to suggest any customer data had been compromised.
Canada Post sincerely regrets the inconvenience to their customers because the breach occurred at one of their suppliers. They mentioned cybersecurity is a very serious matter for them.
How do Data Breaches happen?
Data breach basically steals confidential, sensitive, or protected data. Sometimes, it’s not just the temporary terror. Still, it’s necessary to have extensive security measures since small, medium, or big businesses target cybercriminals.
A data breach can be either accidental or intentional, even though the assumption that a data breach is caused by an outside hacker might not always be true. Moreover, it can just be flaws in a company’s infrastructure or a simple oversight by individuals.
Reasons can be:
- an accidental insider
- malicious insider
- lost or stolen devices
- malicious cybercriminals
The damage a Data Breach can do for
- Business organizations: can affect both reputation and finances along with their customer’s privacy.
- Government organizations: expose highly confidential information to foreign parties and also, Military operations, political dealings, and details on essential national infrastructure
- Individuals: identity theft or fraud, data leaks from social security numbers to banking information
Methods to prevent a data breach
Some of the measure to protect your business online:
- Enforce Backup and recovery
- Updating software regularly
- Use high-grade encryption software
- Look out for a suspicious email
- Strong credentials and multi-factor authentication
- Keep your Wi-Fi secure
- Set permissions and limit access
- Analyze log data
- Use antivirus to protect against outside threats