The Irish delivery company has confirmed a data breach of personal details impacting more than 440,000 customers after an attack.
Fastway Couriers has confirmed Wednesday that one of its IT systems was compromised in a cyberattack, which the company identified on February 25.
The company says 446,143 shoppers’ names, addresses, emails, and/or phone numbers have leaked to attackers. The breach may have affected both customers in other jurisdictions besides Ireland, too.
According to the company, the stolen data relates to already delivered, in-flight, or undelivered parcels from the past 30 days from mid-January onwards.
Fastway Couriers said no other personal data such as financial information had been compromised on its systems, and the vulnerability was fully mitigated by 9 am on 26 February.
“I want to stress that nobody’s financial data was at risk and the issue is limited to delivery information only,” Fastway CEO Danny Hughes said.
The company has notified the UK Office of the Data Protection Commissioner about the incident and the data agency has started an investigation.
The breach was identified by Fastway’s third-party IT contractor on 25 February.
On learning of the breach, Fastway said it also notified the Gardaí, the Irish national police service.
Hughes said in a statement that it’s distressing that the customers’ data had been compromised in a cyberattack.
“I deeply regret that people’s personal data has been compromised and I apologize to our clients and their customers,” he said.
And added, “We will continue to work closely with the DPC, the Gardaí, and our clients to manage this situation in line with best practice.”
The breach comes at a time when as a result of Covid-19 many physical stores are closed, and many consumers turned to online shopping and delivery aservices to satisfy daily needs.