Canada Post Data Breach Likely Linked to Ransomware Attack in December 2020

Edward Kost
May 31, 2021

Canada Post has suffered a data breach impacting 44 of its business clients, which led to 950,000 receiving customers being compromised.

97% of the accessed data, spanning from July 2016 to March 2019, contained receiving customer names and address information. Forensic investigations did not find evidence of any financial data compromise.

This breach occurred through Commport Communications - a third-party vendor hired by Canada Post to manage the shipping manifest data of its large business clients. 

But this was not a sudden third-party breach. This event is believed to be linked to a ransomware attack Commport Communications suffered back in December 2020. 

At the time, Commport Communications was confident that the ransomware attack, launched by Lorenz, did not impact Canada Post and advised the postal service that their data was safe.

But behind the scenes, Lorenz was publishing 35.3 GB of the data allegedly stolen during the ransomware attack on the dark web.

Commport Communications data leak published on dark web - source: bleepingcomputer.com

Data leaks are overlooked attack vectors, and many organizations are unknowingly depositing them. 

A data leak is any accidental or unauthorized exposure of sensitive data. When cybercriminals discover data leaks, the exposed data could arm them for a devastating data breach. So shutting down third-party data leaks before they’re discovered will significantly reduce third-party breaches and supply chain attacks.

The string of third-party breaches that have rocked the business world since the SolarWinds incident demonstrates that vendors can no longer be trusted - not for their cybersecurity efforts, nor their cyber incident communications. Biden’s Executive Order aims to change this.

The lack of data breach transparency could be due to either a conscious or subconscious bias. Vendors are partial to the preservation of their reputation, and so their statements cannot be the only source of information about a data breach they’ve suffered.

A preserved reputation, at the expense of 6 months of sensitive data leakage, hardly seems like a fair exchange.
