Ontario Cannabis Store reports data breach affecting 4,500 customers

Cornelia Mascio
Novembre 8, 2018

Capping off a string of issues, including delivery delays and mislabeled products, the Ontario Cannabis Store (OCS) has now confirmed that the details of approximately 4,500 orders have been accessed through Canada Post's delivery tracking tool.

The OCS said it has informed Ontario's privacy commissioner of the breach and all affected customers.

In a privacy update on its website, the OCS said the breach late on November 1 affected about two per cent of its customer orders, and information was accessed by a person using a Canada Post delivery tracking tool.

Names of the people who made the orders were not obtained, if they were not the same as the people who signed for delivery, according to the OCS.

Specific details such as the name of the individual who made the order, delivery address, payment information and the contents of the order, have not been accessed, according to the OCS.

"We are pleased that OCS has notified their customers of the issue and will continue to work together to provide customers with assurance that this is being fully addressed", Canada Post said.

"We have also shared with OCS that we are confident that the customer who accessed the information only shared it with Canada Post and deleted it without distributing further".

"We are also satisfied that the flaw exploited in the breach was with Canada Post's system".

Canada Post acknowledged the breach, saying it has been working closely with the OCS to investigate and take immediate action. Beamish said in an interview. A spokesperson said the federal commissioner's office had been in contact with its provincial counterpart.

"Through our internal investigation, we have learned that this Canada Post website vulnerability is not unique to OCS customers and that in fact could apply to any Canada Post customers through manipulation of tracking and/or reference numbers", Ford said. In this instance, he said, it appears Canada Post took the position that it was a vendor to the OCS and, thus, the responsibility to notify the affected customers lay with the provincial outlet.

Altre relazioniGrafFiotech

Discuti questo articolo

Segui i nostri GIORNALE