There has not been a cyberattack or hack of the Canada Post network but Canada Post is investigating a report that some customer information may have been compromised in 2017.
The cause appears to be that login and password credentials stolen in external privacy breaches unrelated to Canada Post were used to access individual Canada Post accounts. This is possible when users reuse their credentials on several websites to avoid having to remember different passwords.
Canada Post will reset all passwords for all online customer accounts over the coming days. Canada Post is contacting any customer directly if their information has been compromised by this activity.
While this is not a breach of the Canada Post system, Canada Post understands that it is held to a higher standard and has an obligation to all of its customers and all Canadians to keep their information safe. Canada Post is reviewing its policies and procedures to determine what can be done to strengthen the security of its online platforms.