The personal information of thousands of Irish online shoppers has been compromised after hackers stole their details from international courier company Fastway Couriers. Following this, the Irish Data Protection Commission has launched an investigation into the data breach.
As of writing, The Irish News states that Fastway Courier has over 7,000 clients all over the world. These include 20 online retailers on a major scale, with other remaining companies on a smaller and medium scale. Its clients include Chian Reaction Cycles, a cycling products retailer.
According to TheJournal.ie, the data security incident initially occurred just last month on February 24, 2021, after Fastway was doing maintenance on its database server. However, the data breach was only discovered a day after on February 25 by a third-party IT contractor.
Despite issuing a patch for the said vulnerability on a succeeding day, February 26, 2021, at around 9 in the morning, the third-party IT contractor failed to notify the international courier company about the incident right away. It only notified the company on March 2, 2021.
After learning about the cyber attack launched by hackers, Fastway reportedly notified relevant authorities right away, including the Data Protection Commission and the An Garda Siochana, notes The Irish Times.
In total, the number of affected accounts and individuals amounted to 446,143. Among the compromised and stolen information include the names of the customers, as well as their email addresses and postal addresses.
Apart from the aforementioned information, the hackers have also obtained the phone numbers of its clients.
The affected customers and recipients pertained to parcel deliveries that were en route to their delivery location or that were still undelivered over a period of 30 days from the middle of January onwards, said the courier company.
The firm maintains that no financial data has been affected. The passwords of users also remain safe from hackers. According to the company, Fastway anonymizes the personal data of customers 30 days after the items or orders have been delivered.
The chief executive officer of Fastway Couriers Danny Hughes stated to the public saying, “It is distressing that our IT system was compromised by a malicious hack as we are exceptionally careful in every aspect of our data protection obligations.”
In addition, Hughes also remarked that he “deeply regret[s] that people’s personal data has been compromised and I apologise to our clients and customers. I want to stress that nobody’s financial data was at risk and the issue is limited to delivery information only.”