The branch charged with Ontario’s legal cannabis distribution took a huge hit to its information security last Thursday (November 1).
As far as the provincial rollout of legal cannabis goes, Ontario is a mess. After weeks of painstaking delivery delays, lost orders, product shortages, and more than 1,000 formal complaints, Ontarians can now add a hack to the pile of frustrating hiccups to tweet about.
Ontario Cannabis Store is incompetent. I'm order #86xx , i ordered in the first 30 minutes. Now more than 2 weeks, nothing. No email. Call centre useless. People who ordered after me got delivery... why isnt it first come first served? #ONpoli @ONCannabisStore #OCS— Jose Jones (@JoseJon05278496) October 31, 2018
The Ontario Cannabis Store (OCS) released a statement via Twitter on Wednesday (November 7) disclosing a hacker accessed approximately 4,500 digital records by way of the Canada Post delivery tracking tool. The Crown corporation functions as the primary postal operator in Canada and, now that cannabis is federally legal, is responsible for delivering weed.
The OCS has released the following update: pic.twitter.com/OOnxAGOMsA— Ontario Cannabis Store (@ONCannabisStore) November 7, 2018
The information obtained included postal codes, deliver dates, tracking numbers, and package signee names. The full delivery address and legal names of the recipient were not included in the stolen information.
The affected customers were notified by email on the same day the release went public—six days after the breach.
The release reads: “Upon learning of this incident, the OCS immediately engaged the Office of the Information and Privacy Commissioner (IPC) of Ontario. Since November 1, the OCS has worked closely with Canada Post to identify the cause of this issue and to prevent any further unauthorized access to customer delivery information.”
The release also says the information was “deleted and not further disclosed” and says Canada Post has not yet taken further action.