Canada Post Leaked Personal Data of 4,500 Cannabis Customers

The Ontario Cannabis Store (OCS) is warning that approximately 4,500 customers had their personal information exposed following a privacy breach involving Canada Post.

In a statement on Twitter, the OCS announced on Wednesday that an unauthorized individual was able to access order records for roughly two percent of its customer base using the mail carrier’s online delivery tracking tool.

“Since Nov. 2, the OCS has worked closely with Canada Post to identify the cause of this issue and to prevent any further unauthorized access to customer delivery information,” said the OCS.

The cannabis retailer said the exposed information included customers’ postal code, name or initials of the personal who signed upon delivery, date of delivery, OCS reference number, tracking number, and OCS corporate name and business address.

According to the OCS, the names of people who placed the orders, delivery addresses, payment information and contents of the orders were not included in the breach.

The OCS has released the following update: pic.twitter.com/OOnxAGOMsA

— Ontario Cannabis Store (@ONCannabisStore) November 7, 2018

The government-operated online retailer – which is the only legal cannabis supplier in the province – noted it encouraged Canada Post to take immediate action to notify affected customers.

“To date, Canada Post has not taken action in this regard,” the OCS said. “Although Canada Post is making its own determination as to whether notification of customers is required in this instance, the OCS has notified all relevant customers.”

Meanwhile, a Canada Post spokesperson assured the individual behind the leak “only shared [the data] with Canada Post and deleted it without distributing further,” reported ZD Net.

“We are pleased that OCS has notified their customers of the issue and will continue to work together to provide customers their assurance that this is being fully addressed,” the (Read more...)