Customer data relating to more than 400,000 parcel deliveries was accessed by hackers.
A MAJOR BREACH of data belonging to Irish online shoppers has been confirmed.
Fastway Couriers has contacted the Office of the Data Protection Commissioner about the incident and the data watchdog has now commenced a probe.
It is understood that the breach occurred on February 24 while the company was carrying out maintenance on a database server.
It is believed that while this was taking place some data became vulnerable and it was accessed by hackers.
The leak involves names, addresses, email accounts and phone numbers of customers.
No financial information or passwords were exposed during the breach of Fastway’s servers.
A spokesperson for the Office of the Data Protection Commissioner confirmed that they were made aware of the breach and that investigators are now “assessing” the incident.
It is understood that the customers involved in the breach were associated with inbound online purchases from across Ireland and in other countries.
A statement from Fastway Couriers confirmed the data breach and said that their system was subject of a “cyber-attack”.
“The data in question is information used for the purposes of delivery (including name, address, email and/or phone). No financial data or other personal data has been compromised, nor is this stored on any Fastway system.
“On learning of the cyber breach, Fastway advised the Data Protection Commission and the Gardaí. Fastway has made the requisite data breach submission to the Data Protection Commission.
“The cyber-attack was identified by Fastway’s third-party IT development contractor on February 25th and was fully mitigated by 9am on February 26th. The third-party contractor advised Fastway of the breach on March 2,” a statement said.
Fastway said that the data is from more than 400,000 parcel deliveries.
“The data that was compromised relates to the customers of Fastway clients. Names, addresses and contact details of 446,143 parcel receivers were compromised. The data compromised relates to Fastway deliveries, in-flight or undelivered parcels over a period of approximately 30 days from mid-January onwards,” the statement added.
No news is bad news
Support The Journal
Your contributions will help us continue
to deliver the stories that are important to you
Support us now
Danny Hughes, CEO of Fastway Couriers, spoke of his regret at the breach.
“It is distressing that our IT system was compromised by a malicious hack as we are exceptionally careful in every aspect of our data protection obligations.
“I deeply regret that people’s personal data has been compromised and I apologise to our clients and their customers. I want to stress that nobody’s financial data was at risk and the issue is limited to delivery information only. We will continue to work closely with the DPC, the Gardai and our clients to manage this situation in line with best practice.”
Fastway has engaged an IT consultancy to conduct an incident response and independent review of the cyber-attack.
Fastway’s 7,263 clients comprise 20 large e-retailers with the remainder medium-sized or small retailers.
The company said that once parcels are delivered, Fastway anonymises personal data within 30 days.
Fastway are one of the country’s leading courier services and have 16 bases across the island of Ireland.