[BreachExchange] Thousands of Shoppers Affected by Fastway Couriers Security Breach

[Destry Winant]

https://heimdalsecurity.com/blog/thousands-of-shoppers-affected-by-fastway-couriers-security-breach/

On March 11th, Fastway Couriers issued an official statement
confirming they have been a victim of a major security breach. Details
of almost 450,000 customers have been compromised.

The company has contacted the Office of the Data Protection
Commissioner about the incident which has now initiated an
investigation. It is believed that the breach took place on February
24th while the company was carrying out maintenance on a database
server.

Fastway Couriers confirms that one of its IT systems has been subject
of a cyber-attack, the consequence of which has been that client data,
including customers’ personal information, has been compromised. The
data in question is information used for the purposes of delivery
(name, address, email and/or phone). No financial data or other
personal data has been compromised, nor is this stored on any Fastway
system.

In the same statement, Danny Hughes, CEO of Fastway Couriers, said it
is distressing that the IT system was compromised by a malicious hack.

I deeply regret that people’s personal data has been compromised and I
apologise to our clients and their customers. I want to stress that
nobody’s financial data was at risk and the issue is limited to
delivery information only

The compromised data links to Fastway deliveries and in-flight or
undelivered parcels over a period of about 30 days from the middle of
January onwards, the courier company said. During the Covid-19
pandemic demands for parcel services have increased as the closure of
retailers has forced people to turn to online shopping and to rely on
home deliveries since they were required to stay at home.

Fastway Couriers has over 7,000 clients, including 20 major online
retailers with the remainder being medium-sized and small businesses.

Chain Reaction Cycles, a large online retailer of cycling products
based in Belfast, warned its customers that their data was accessed
“during planned database updates” by the courier firm, writes Simon
Carswell.

Fastway assured customers and clients it has engaged an IT consultancy
to conduct an incident response and independent review of the
cyberattack.