Recent news revealed the primary postal service in Canada, Canada Post, suffered a cyber attack due to an incident involving a supplier, Commport Communications. A large amount of information from around 44 businesses and 950,000 people dating between 2016 to 2019 has been affected. Canada Post stated, “97 per cent of it comprised the names and addresses of receiving customers. The remaining three per cent contained email addresses and/or phone numbers.”
Canada Post has begun working with Commport Communications in an effort to understand the scope of the attack and how they can prevent these events in the future. Another portion of their statement released on Wednesday said, “Canada Post will also incorporate any learnings into our efforts, including the involvement of suppliers, to enhance our cybersecurity approach which is becoming an increasingly sophisticated issue.”
Analyst Notes
Although it is believed no financial information was included in the breach, the information that was accessed could lead to attempts at identity theft as well as targeted phishing campaigns. While the incident happened through a third party, Canada Post should still assure they are taking the proper steps to assure their systems are secured. As part of a wholistic approach to securing business IT systems, it is important to consider the data stored by third-party vendors and service providers, as well as any trusted connections or access to internal data that those third-party companies have. Adopting a zero-trust approach to security, while complicated, can help reduce the risk from mistakes or security lapses on the part of other companies.
Source: https://globalnews.ca/news/7894760/canada-post-data-breach/?&web_view=true
