Fastway Couriers Confirms Security Breach

A globally franchised courier company has issued a notice confirming that it was the subject of a cyber-attack.

The assault on Fastway Couriers was discovered by one of the company's third-party IT development contractors on February 25. 

In a security notice issued March 11, Fastway Couriers confirmed that a cyber-attack had occurred and that it had resulted in a data breach.

"Fastway Couriers confirms that one of its IT systems has been subject of a cyber-attack, the consequence of which has been that parcel receivers’ data has been compromised," stated the company.

Data affected by the incident includes names, addresses, email addresses, and phone numbers belonging to nearly 450,000 parcel recipients. Fastway Couriers said that the exposed information "is used only for the purposes of parcel delivery."

The company said that no financial data or any other personal data was compromised in the attack as such information is not stored on any Fastway Couriers IT systems.

"The data that was compromised relates to the customers of Fastway clients," stated Fastway Couriers. "Names, addresses and contact details of 446,143 parcel receivers were compromised. 

"The data compromised relates to Fastway deliveries, in-flight or undelivered parcels over a period of approximately 30 days from mid-January onwards."  

Fastway Couriers said that the attack was "mitigated by 9am on February 26th" and that the third-party contractor who discovered it advised Fastway of the breach on March 2.

"On learning of the cyber breach, Fastway advised the Data Protection Commission and the Gardai," said Fastway in its security notice. "Fastway has made the requisite data breach submission to the Data Protection Commission." 

Fastway Couriers said that it had hired an IT consultancy firm to carry out an incident response and independent review of the cyber-attack.

“It is distressing that our IT system was compromised by a malicious hack as we are exceptionally careful in every aspect of our data protection obligations,” said Danny Hughes, CEO of Fastway Couriers. “I deeply regret that people’s personal data has been compromised and I apologize to our clients and their customers."

Fastway Couriers was established in 1983 in Napier in New Zealand. Today it has a presence in Australia, Ireland, Northern Ireland, and South Africa.

What’s Hot on Infosecurity Magazine?