Canada’s national mail carrier says a malware attack on one of its suppliers has impacted 44 of its biggest corporate customers across the country, and potentially up to nearly one million people.
Canada Post said in a statement Wednesday that one of its suppliers, Commport Communications, had its systems compromised in a cyberattack.
Commport is what’s known as an electronic data interchange supplier, which means it manages the shipping manifest data of large-parcel business customers. Its system has access to information like names and addresses of senders and receivers when large parcels are shipped.
The company says 44 of the largest shippers in Canada were included, and the cyberattack got information on shipments that happened between July 2016 and March 2019.
Canada Post says 97 per cent of the information stolen was names and addresses. In three per cent of the cases, phone numbers and email addresses were taken.
No financial information was accessed, but Canada Post says some information on up to 950,000 Canadians seems to have been taken.
“We are now working closely with Commport Communications and have engaged external cybersecurity experts to fully investigate and take action,” Canada Post said. “We are proactively informing the impacted business customers and providing the information and support necessary to help them determine their next steps. As well, the Office of the Privacy Commissioner has been notified.”
More to come.