Canada Post disclosed a ransomware attack on a third-party service provider

DragonForce operator chained SimpleHelp flaws

Canada Post disclosed a ransomware attack on a third-party service provider that exposed shipping information for their customers.

Canada Post announced that a ransomware attack on a third-party service provider exposed shipping information for their customers.

Canada Post is a Crown corporation that functions as the primary postal operator in Canada, it provides service to more than 16 million Canadian addresses.

The company has already informed 44 of its large commercial customers, the ransomware attack impacted Commport Communications.

Exposed data include shipping manifests for the 44 commercial customers, the data breach impacted over 950 thousand receiving customers.

“After a detailed forensic investigation, there is no evidence that any financial information was breached. In all, the impacted shipping manifests for the 44 commercial customers contained information relating to just over 950 thousand receiving customers.” reads the data breach notification published by the company. “After a thorough review of the shipping manifest files, we’ve determined the following:

The information is from July 2016 to March 2019
The vast majority (97%) contained the name and address of the receiving customer
The remainder (3%) contained an email address and/or phone number”

The ransomware attack took place in 2020, in December 2020 Lorenz operators published on their leak site 35.3 GB of data allegedly stolen from Commport Communications.

Initially, Commport Communications said that threat actors did not exfiltrate customers’ data, but the leaked data is proof of the data breach.

Canada Post is helping Commport Communications in investigating the incident to determine the extent of the data breach. The company has also engaged external cyber security experts and is proactively informing the impacted business customers.

Canada Post also notified the Office of the Privacy Commissioner.

“Canada Post will continue to engage external cyber security experts to conduct additional forensic work and assist in the ongoing investigation with Commport Communications. We have already implemented proactive measures and will continue to take all necessary steps to mitigate the impacts. Canada Post will also incorporate any learnings into our efforts, including the involvement of suppliers, to enhance our cyber security approach which is becoming an increasingly sophisticated issue.” concludes the data breach notification.

Follow me on Twitter: @securityaffairs and Facebook

[adrotate banner=”9″]

[adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, ransomware)

[adrotate banner=”5″]

[adrotate banner=”13″]

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.