- Canada Post has leaked data of 2% of the Ontario Cannabis Store customer base.
- An unnamed official was able to access the affected users’ records.
- The security incident has been reported publicly, and steps have been taken to restrict access to the data.
Recreational cannabis being made legal in Ontario, Canada has led to a lot of problems and citizens have yet another security incident to be worried about. An unnamed Canada Post official was able to access the private details of Ontario Cannabis Store (OCS) customers. The information includes names, nominated signatories, postcodes, delivery dates of consignments, business addresses, OCS reference numbers, Canada Post tracking numbers, and OCS corporate names.
It was reported that 4,500 users were affected which makes up approximately 2% of the user base. The Canada Post data breach was first uncovered on November 1 and was notified to the OCS who quickly took action to secure their database. The OCS revealed that unless the buyers were affecting delivery, the names, addresses and payment information of users were not compromised.
The OCS has released the following update: pic.twitter.com/OOnxAGOMsA
— Ontario Cannabis Store (@ONCannabisStore) November 7, 2018
Despite cannabis being made legal in Canada, no user would want his personal details to be publicly known. The data leak is just one of many security incidents that have been happening lately, and even government agencies are no exception to these security incidents.
According to a cannabis supplier “The OCS has encouraged Canada Post to take immediate action to notify their customers. To date, Canada Post has not taken action in this regard. Although Canada Post is making its own determination as to whether notification of customers is required in this instance, the OCS has notified all relevant customers.”
Over 1000 complaints have been filed against the postal service related to the OCS, and it may land the officials in trouble. The OCS is already facing censure and after the press release against the body was issued by the Ombudsman, things do not look too promising for the service provider.
According to a spokesperson, security measures have been taken, and fixes have already been deployed to prevent a similar security leak. The OCS has notified customers about the issue, and they have been assured that the issue is being addressed.