Canada Post, the main postal operator in Canada serving more than 16,500,000 residential and business addresses, notified 44 commercial customers that one of its suppliers had been the victim of a ransomware attack. As a result, delivery address data was leaked.
It is reported that Commport Communications was compromised, and as a result, attackers gained access to data stored in its systems. The hackers got their hands on information from the delivery manifests for large parcels to business customers, including contact information, names, and mailing addresses of the sender and recipient.
In total, 44 Canadian Post commercial customers were affected by the attack, as well as more than 950,000 recipient customers. It is emphasized that the financial data has not been disclosed, and the leak covers the period from July 2016 to March 2019.
For the vast majority of victims (97%), only the name and delivery address were disclosed. In other cases (3%), the email address and phone number could have been compromised.
Edition Bleeping Computer writes that at the end of 2020 on the Lorenz cipher website published data about breaking Commport Communications. Since then, the hackers have leaked about 35.3 GB of data, allegedly stolen during the attack.
While the Canadian Post claims that Commport Communications did not know at the time of the attack that third parties had access to their data, judging by the information on the Lorenz website, this is not entirely true.