Another major service has recently fallen prey to a third-party cybersecurity incident. The latest report comes from the Canada Post that admitted data breach to the customers following a third-party ransomware attack.
Canada Post Data Breach
Reportedly, Canada Post has disclosed a serious data breach to its customers via a recent press release. The service got the news of the breach a week after one of its third-party suppliers suffered a ransomware attack.
Specifically, the actual incident happened at the Commport Communications’ network on May 19, 2021. The service serves as an electronic data interchange (EDI) solution supplier to the Canada Post, managing the shipping manifests data of its customers.
While the supplier solution facilitated the Canada Post in managing the customer orders, the cybersecurity incident negatively affected it.
Consequently, Canada Post had to disclose the breach to 44 of its large business customers. As stated in the post,
Canada Post has informed 44 of its large business customers of a data breach caused by a malware attack on one of our suppliers, Commport Communications. The supplier notified Canada Post late last week (on May 19) that manifest data held in their systems, which was associated with some Canada Post customers, had been compromised.
Regarding the breached data, Canada Post mentions that around 97% of it included names and addresses of the recipients. Whereas, 3% of the data included an email address or contact number. Besides, the incident impacted old data ranged from July 2016 to March 2019.
What Next?
Following the incident, Canada Post involved cybersecurity experts to continue with the investigations. Whereas, they also continue informing the affected customers of the incident and the subsequent necessary steps.
While the press release does not mention a ransomware attack. Bleeping Computer has reported that Commport Communications might have fallen prey to the Lorenz ransomware.
The said ransomware gang first posted about targeting Commport Communications in December 2020. Since then, they continued leaking the 35.3GB of stolen data on their dark web site.
Nonetheless, it’s presently unclear if Canada Post referred to the same incident in their press release or a different one.
Let us know your thoughts in the comments.