Canada Post said in a statement Wednesday that one of its vendors, Commport Communications, had its systems compromised in a cyber attack. Commport is what is known as an electronic data interchange provider, which means that it manages the shipping manifest data of large parcel commercial customers. Its system has access to information such as the names and addresses of senders and recipients when large packages are shipped.
The company says 44 of the largest shippers in Canada were included and the cyberattack provided information on shipments that took place between July 2016 and March 2019.
Canada Post claims that 97% of Ninety percent of the information stolen was names and addresses. In 3% of cases, phone numbers and email addresses were entered.
No financial information was viewed, but Canada Post says information on up to 950,000 Canadians appears to have been collected.
“We are now working closely with Commport Communications and have engaged external cybersecurity experts to conduct a thorough investigation and take action,” Canada Post said. “We proactively educate affected business customers and provide them with the information and support they need to help them determine their next steps. In addition, the Office of the Privacy Commissioner has been informed. “