Parcel delivery company Fastway suffered a cyberattack which has compromised personal details from over 440,000 parcel deliveries.
Established in 1983 in Napier in New Zealand, Fastway has grown to operate in Australia, Ireland, Northern Ireland, and South Africa—in addition to New Zealand.
Fastway Couriers confirmed that one of its IT systems experienced a cyberattack which was identified on February 25.
The company said that many personal details of the 446,143 parcel deliveries were compromised in the leak like names, addresses, emails, and/or phone numbers of recipients. Fastway added that no financial information has been compromised—Fastway does not store any financial information in its systems.
The compromised data relates to deliveries, in-flight or undelivered parcels of around 30 days from mid-January onward, according to the Fastway. Customers in Ireland and other jurisdictions may have also been affected by the breach.
Fastway’s third-party IT development contractor identified the breach on February 25, and by 9 am on the 26th, had fully mitigated it. Fastway was advised by the IT contractor about the breach on March 2nd.
Once Fastway learned of the breach, it advised the Data Protection Commission and the Gardai. Fastway also made a requisite data breach submission to the Data Protection Commission.
Fastway CEO Danny Hughes said in a statement that it was distressing that the company’s system was compromised by a malicious attack. “I deeply regret that people’s personal data has been compromised and I apologize to our clients and their customers,” he said.
Fastway looks to rebound as quickly and safely as possible from the malicious attack, and to continue to develop a relationship rooted in trust with clients. That sentiment is further backed by the immediacy with which Fastway has made the attack public knowledge and outlined the company’s intentions moving forward. Disclosing cyber-attacks quickly is often bad for the company’s stock, but it gives clients a chance to react and work alongside IT support services in order to make sure more of their data isn’t compromised.
Hughes stressed that no financial data was at risk and the issue is limited to only delivery information. A bit of relieving news in the wake of the jarring incident. Hughes stated that Fastway will continue to work closely with the DPC, the Gardai, and clients to manage the situation in line with the best practices.
Fastway is committed to protecting its clients and their information and puts its best foot forward when dealing with cyberattacks and the preventative measures that must be taken with such attacks. Concerned customers are advised to contact Fastway directly.
With the pandemic still at large, many physical stores and businesses remain closed, and many customers have turned to online shopping and parcel deliveries. This breach hits almost a year after the first public health restrictions were announced.
The breach takes advantage of the unusual situations brought on by the pandemic—where companies like Fastway have been supporting beams for clients and economies the world over.
The Irish Data Protection Commission confirmed they were notified of the breach last week and are actively investigating the issue.