Hacker targets online complaints to Canada Post ombudsman
In October 2009, a call from a newspaper reporter alerted the Office of the Ombudsman for Canada Post that a computer programming flaw had enabled an unauthorized third party to gain access to personal information submitted through the ombudsman’s online complaint system. The data accessed included names, addresses, e-mail addresses and phone numbers of complainants, as well as details of their complaints.
In all, 131 postal service complaints submitted online between Aug. 4 and Sept. 2, 2009 were exposed in the security breach.
Canada Post immediately disabled the website, and notified and apologized to all affected individuals in writing. The website has since been fixed and reactivated.
The organization further advised us that it tests the vulnerability of its computer system annually, but that the computer system in the ombudsman’s office fell outside the scope of these reviews. Canada Post committed to including that system in its regular reviews.
- Date modified: