The Ontario Cannabis Store discloses a massive information breach through Canada Post

The OCS waited six days to tell the affected customers

    1 of 2 2 of 2

      The branch charged with Ontario’s legal cannabis distribution took a huge hit to its information security last Thursday (November 1).

      As far as the provincial rollout of legal cannabis goes, Ontario is a mess. After weeks of painstaking delivery delays, lost orders, product shortages, and more than 1,000 formal complaints, Ontarians can now add a hack to the pile of frustrating hiccups to tweet about. 

      The Ontario Cannabis Store (OCS) released a statement via Twitter on Wednesday (November 7) disclosing a hacker accessed approximately 4,500 digital records by way of the Canada Post delivery tracking tool. The Crown corporation functions as the primary postal operator in Canada and, now that cannabis is federally legal, is responsible for delivering weed.

      The information obtained included postal codes, deliver dates, tracking numbers, and package signee names. The full delivery address and legal names of the recipient were not included in the stolen information.

      The OCS says other companies who use the federal delivery corporation were also hacked.
      Ontario Cannabis Store

      The affected customers were notified by email on the same day the release went public—six days after the breach.

      The release reads: “Upon learning of this incident, the OCS immediately engaged the Office of the Information and Privacy Commissioner (IPC) of Ontario. Since November 1, the OCS has worked closely with Canada Post to identify the cause of this issue and to prevent any further unauthorized access to customer delivery information.”

      The release also says the information was “deleted and not further disclosed” and says Canada Post has not yet taken further action.