Canada Post targeted by supply chain attack, exposing user data

It was recently reported that Canada Post was targeted by a supply chain attack, which allowed hackers to access the names and addresses of around one million senders and receivers over the last three years.

Indeed, the cyberattack occurred on Canada Post’s electronic data interchange (EDI) solution supplier that is in charge of managing the shipping manifest data of large parcel business customers. As a result of the hack, shipping manifests for 44 of the post office’s commercial users were copied, giving full access to the attackers to the information of over 950 thousand receiving customers.

It was reported that the attacks could be from a new ransomware group called Lorenz. It is possible that the hackers will then use email addresses for spam, spear-phishing, and impersonation attacks.

Moreover, it was found out that Canada Post was aware of a possible security problem since November 2020, but there was no evidence to suggest any customer data had been compromised. Yet, it was later stated that the volume of data copied indicated that malicious activity had been here for a while.

It is then vital to have better cybersecurity measures so as to protect information and systems. There is also a need for governments everywhere to put into place good data protection requirements and provide the appropriate funding to support the ever-growing complexities of handling customer data.