Security Affairs
FBI: TeamPCP Compromised Dev Tools to Steal Cloud Credentials|Pegasus Used Against MEP Investigating Pegasus, Citizen Lab Finds|JADEPUFFER: First End-to-End AI-Driven Ransomware Operation|The Anatomy of a Shadow AI Supply-Chain Breach: Lessons from the 2026 Vercel Incident|Law enforcememt operation disrupted Malicious Residential Proxy Networks NetNut|Government and Healthcare Are the Weakest Links in Global Email Security|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|FBI: TeamPCP Compromised Dev Tools to Steal Cloud Credentials|Pegasus Used Against MEP Investigating Pegasus, Citizen Lab Finds|JADEPUFFER: First End-to-End AI-Driven Ransomware Operation|The Anatomy of a Shadow AI Supply-Chain Breach: Lessons from the 2026 Vercel Incident|Law enforcememt operation disrupted Malicious Residential Proxy Networks NetNut|Government and Healthcare Are the Weakest Links in Global Email Security|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

Canada Post disclosed a ransomware attack on a third-party service provider

Canada Post disclosed a ransomware attack on a third-party service provider that exposed shipping information for their customers. Canada Post announced that a ransomware attack on a third-party service provider exposed shipping information for their customers. Canada Post is a Crown corporation that functions as the primary postal operator in Canada, it provides service to more than 16 million Canadian […]

Reynolds ransomware uses BYOVD to disable security before encryption ransomware

Canada Post disclosed a ransomware attack on a third-party service provider that exposed shipping information for their customers.

Canada Post announced that a ransomware attack on a third-party service provider exposed shipping information for their customers.

Canada Post is a Crown corporation that functions as the primary postal operator in Canada, it provides service to more than 16 million Canadian addresses.

The company has already informed 44 of its large commercial customers, the ransomware attack impacted Commport Communications.

Exposed data include shipping manifests for the 44 commercial customers, the data breach impacted over 950 thousand receiving customers.

“After a detailed forensic investigation, there is no evidence that any financial information was breached. In all, the impacted shipping manifests for the 44 commercial customers contained information relating to just over 950 thousand receiving customers.” reads the data breach notification published by the company. “After a thorough review of the shipping manifest files, we’ve determined the following:

  • The information is from July 2016 to March 2019
  • The vast majority (97%) contained the name and address of the receiving customer
  • The remainder (3%) contained an email address and/or phone number”

The ransomware attack took place in 2020, in December 2020 Lorenz operators published on their leak site 35.3 GB of data allegedly stolen from Commport Communications.

Initially, Commport Communications said that threat actors did not exfiltrate customers’ data, but the leaked data is proof of the data breach.

Canada Post is helping Commport Communications in investigating the incident to determine the extent of the data breach. The company has also engaged external cyber security experts and is proactively informing the impacted business customers.

Canada Post also notified the Office of the Privacy Commissioner.

“Canada Post will continue to engage external cyber security experts to conduct additional forensic work and assist in the ongoing investigation with Commport Communications. We have already implemented proactive measures and will continue to take all necessary steps to mitigate the impacts. Canada Post will also incorporate any learnings into our efforts, including the involvement of suppliers, to enhance our cyber security approach which is becoming an increasingly sophisticated issue.” concludes the data breach notification.

Follow me on Twitter: @securityaffairs and Facebook

[adrotate banner=”9″][adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, ransomware)

[adrotate banner=”5″]

[adrotate banner=”13″]