Fastway Couriers confirms that one of its IT systems has been subject of a cyber-attack, the consequence of which has been that client data, including customers’ personal information, has been compromised. The data in question is information used for the purposes of delivery (name, address, email and/or phone). No financial data or other personal data has been compromised, nor is this stored on any Fastway system.
The company was established in 1983 in Napier in New Zealand, Fastway Couriers is now a globally franchised courier company with over 30 years’ experience and a presence in five countries, New Zealand, Australia, Ireland, Northern Ireland and South Africa.
On learning of the cyber breach, Fastway advised the Data Protection Commission and the Gardai. Fastway has made the requisite data breach submission to the Data Protection Commission.
The cyber-attack was identified by Fastway’s third-party IT development contractor on February 25th and was fully mitigated by 9am on February 26th. The third-party contractor advised Fastway of the breach on March 2nd.
The data that was compromised relates to the customers of Fastway clients. Names, addresses and contact details of 446,143 parcel receivers were compromised. The data compromised relates to Fastway deliveries, in-flight or undelivered parcels over a period of approximately 30 days from mid-January onwards.
“It is distressing that our IT system was compromised by a malicious hack as we are exceptionally careful in every aspect of our data protection obligations,” said Danny Hughes, CEO of Fastway Couriers. “I deeply regret that people’s personal data has been compromised and I apologise to our clients and their customers. I want to stress that nobody’s financial data was at risk and the issue is limited to delivery information only. We will continue to work closely with the DPC, the Gardai and our clients to manage this situation in line with best practice.”
Fastway has engaged an IT consultancy to conduct an incident response and independent review of the cyber-attack.