UK-based courier service CitySprint has announced it recently suffered a data breach. Notifications were sent out on April 7th to let employees know that the breach occurred and that there is no evidence that personal data was accessed thus far. iFleet is the portal used by drivers to share information such as photos of their driver’s license, vehicle pictures, and records of their weekly earnings. However, this platform was shut down for a brief period while the situation was being investigated. CitySprint confirmed yesterday that their investigation had been completed and the proper authorities were notified.
Analyst Notes
Adopting a defense-in-depth strategy moving forward will benefit CitySprint in the long run. Requiring multifactor authentication, forced password resets, and implementing strong anti-virus software should be considered. It has not been revealed whether or not this breach has been associated with any specific threat group or actor, but more information may be released in the near future.
Source: https://grahamcluley.com/citysprint-confirms-security-breach-warns-delivery-drivers-their-personal-data-may-be-in-the-hands-of-hackers/?web_view=true
