Canada Post investigating whether some customer data was compromised in 2017
Published Thursday, October 17, 2019 12:56PM EDT
Last Updated Thursday, October 17, 2019 2:45PM EDT
TORONTO -- Canada Post says it has begun to reset passwords for all online customers as it investigates a report that some data may have been compromised in 2017.
The national postal operator stressed in a news release that “there has not been a cyberattack or hack of the Canada Post network.” Instead, user data may have been accessed with username-password combinations taken from accounts hacked in outside breaches.
“This appears to be the result of credential stuffing, where login and password credentials stolen in external privacy breaches unrelated to Canada Post were paired and used to access some Canada Post accounts,” the Crown corporation said in an emailed statement to CTVNews.ca. “This is possible when users reuse their credentials on several websites to avoid having to remember different passwords.”
Beginning Wednesday, all passwords for online accounts were being reset and the service said it would directly contact those whose data was compromised. In emails to customers, Canada Post suggested users create stronger passwords. It is unclear how many users may be affected.
“While this is not a breach of the Canada Post system, Canada Post understands that it is held to a higher standard and has an obligation to all of its customers and all Canadians to keep their information safe,” the corporation said. “Canada Post is reviewing its policies and procedures to determine what can be done to strengthen the security of its online platforms.”
A spokesperson added that the corporation is working with a third party to “investigate this situation, confirm our findings and provide additional guidance.”