• ITVI.USA
    15,433.470
    55.400
    0.4%
  • OTLT.USA
    2.727
    -0.016
    -0.6%
  • OTRI.USA
    20.850
    0.030
    0.1%
  • OTVI.USA
    15,408.360
    58.320
    0.4%
  • TSTOPVRPM.ATLPHL
    3.280
    -0.020
    -0.6%
  • TSTOPVRPM.CHIATL
    3.190
    0.050
    1.6%
  • TSTOPVRPM.DALLAX
    1.560
    -0.030
    -1.9%
  • TSTOPVRPM.LAXDAL
    3.420
    0.090
    2.7%
  • TSTOPVRPM.PHLCHI
    2.220
    0.050
    2.3%
  • TSTOPVRPM.LAXSEA
    4.080
    0.000
    0%
  • WAIT.USA
    126.000
    1.000
    0.8%
  • ITVI.USA
    15,433.470
    55.400
    0.4%
  • OTLT.USA
    2.727
    -0.016
    -0.6%
  • OTRI.USA
    20.850
    0.030
    0.1%
  • OTVI.USA
    15,408.360
    58.320
    0.4%
  • TSTOPVRPM.ATLPHL
    3.280
    -0.020
    -0.6%
  • TSTOPVRPM.CHIATL
    3.190
    0.050
    1.6%
  • TSTOPVRPM.DALLAX
    1.560
    -0.030
    -1.9%
  • TSTOPVRPM.LAXDAL
    3.420
    0.090
    2.7%
  • TSTOPVRPM.PHLCHI
    2.220
    0.050
    2.3%
  • TSTOPVRPM.LAXSEA
    4.080
    0.000
    0%
  • WAIT.USA
    126.000
    1.000
    0.8%
CanadaCybersecurityModern ShipperNews

Data breach hits 44 big Canada Post shippers, exposing nearly 1M customers

Cyberattack on EDI provider compromises shipping manifest data of postal carrier’s parcel customers

Canada Post said on Wednesday that a cyberattack and data breach on an electronic data interchange (EDI) supplier has compromised information from 44 of its large parcel business customers, affecting nearly 1 million recipients. 

The attack on Ontario-based Commport Communications compromised the shipping manifest data of the customers. Canada Post, Canada’s government-run postal carrier, did not identify the customers. 

About 950,000 recipients were impacted by the breach, Canada Post said. The vast majority of the data, 97%, consisted of names and addresses, with 3% including email addresses or phone numbers. 

Canada Post said Commport notified it of the breach a week ago on May 19. The postal carrier said it is investigating the attack.  

Before the latest disclosure, Canada Post said the EDI provider had notified it of a “potential ransomware issue” in November. An investigation found “no evidence to suggest any customer data had been compromised at that time,” the postal carrier said. 

Canada Post did not explicitly link that “potential ransomware issue” with the newly disclosed data breach. However, it is notoriously difficult to determine the extent of data breaches after ransomware attacks, particularly in cases where the hackers cover their tracks. 

Canada Post uses Commport to manage shipping manifest data of its large parcel customers.  

Another Canada-based EDI provider, Faxinating Solutions, was targeted in a ransomware attack earlier in the spring.

EDIs, in place since the 1960s, offer standardized communications platforms for business-to-business communication. They are used extensively in the transportation and logistics industry to communicate key shipping data. 

Commport did not immediately respond to FreightWaves’ request for comment. 

Click for more FreightWaves articles by Nate Tabak.

Nate Tabak, Border and North America Correspondent

Nate Tabak is a Toronto-based journalist and producer who covers cybersecurity and cross-border trucking and logistics for FreightWaves. He spent seven years reporting stories in the Balkans and Eastern Europe as a reporter, producer and editor based in Kosovo. He previously worked at newspapers in the San Francisco Bay Area, including the San Jose Mercury News. He graduated from UC Berkeley, where he studied the history of American policing. Contact Nate at ntabak@freightwaves.com.

Leave a Reply

Your email address will not be published. Required fields are marked *

We are glad you’re enjoying the content

Sign up for a free FreightWaves account today for unlimited access to all of our latest content

By signing in for the first time, I give consent for FreightWaves to send me event updates and news. I can unsubscribe from these emails at any time. For more information please see our Privacy Policy.