Fastway Security Breach

This is a copy of the email I received from Fastway on the evening of 11/03/21

There is not really any need for concern as the data compromised was contact details only. There is no connection to my website or payment gateways – it is completely separate. If you have any concerns – please change your passwords regularly for all your accounts. You can also contact Fastway directly on dp@fastway.ie

Email:

Dear Client,

We are writing to notify you about a security incident. Regrettably, we have suffered a cyber-attack in which an index within one of our reporting applications was compromised.

This index includes the personal data of your customers. The personal data consists of name, address, telephone number and email address only. No other personal data has been compromised. As you know, we do not hold any financial or other sensitive personal data of your customers.

The vulnerability in our system occurred on the morning of the 24th of February and was contained within a time period of approximately 48 hours.

However, we are aware that during this period the an unauthorised intruder gained access to the personal data.

We have reported this incident to the Data Protection Commission and will continue to engage with the Data Protection Commission in relation to the incident.

We have also reported it to the An Garda Siochána and an investigation has commenced.

We have engaged an independent 3rd party to conduct an audit in order to reassure all our clients that our systems are fully secure, and take any recommendations that might further enhance this for the future.

All development deployments were suspended purely as a precautionary measure until we had conducted a security review, even though this was isolated to only one server which has been contained.

I would like to reassure you that Fastway takes its obligations to safeguard personal data very seriously. We will take all steps necessary to ensure that such an incident does not occur in the future.

While we take this breach very seriously we are also satisfied that the personal data involved is limited to name and contact details used to deliver your parcels.Please note, this matter affects parcels delivered by Fastway between January 23th and February 24th, 2021 only. 

Action required by you

You may decide to notify all customers in receipt of a parcel from you, delivered by Fastway within this time (above)  of the data breach and the exposure of their delivery information.  

Should you need further information please contact us on dp@fastway.ie

Further updates will be published on the Fastway Website in due course www.fastway.ie

Fastway Couriers

 

Statement from Fastway Couriers regarding Data Breach.

Fastway Couriers confirms that one of its IT systems has been subject of a cyber-attack, the consequence of which has been that client data, including customers’ personal information, has been compromised. The data in question is information used for the purposes of delivery (name, address, email and/or phone). No financial data or other personal data has been compromised, nor is this stored on any Fastway system.

On learning of the cyber breach, Fastway advised the Data Protection Commission and the Gardai. Fastway has made the requisite data breach submission to the Data Protection Commission.

The cyber-attack was identified by Fastway’s third-party IT development contractor on February 25th and was fully mitigated by 9am on February 26th. The third-party contractor advised Fastway of the breach on March 2nd.

The data that was compromised relates to the customers of Fastway clients. Names, addresses and contact details of 446,143 parcel receivers were compromised. The data compromised relates to Fastway deliveries, in-flight or undelivered parcels over a period of approximately 30 days from mid-January onwards.  

“It is distressing that our IT system was compromised by a malicious hack as we are exceptionally careful in every aspect of our data protection obligations,” said Danny Hughes, CEO of Fastway Couriers. “I deeply regret that people’s personal data has been compromised and I apologise to our clients and their customers. I want to stress that nobody’s financial data was at risk and the issue is limited to delivery information only. We will continue to work closely with the DPC, the Gardai and our clients to manage this situation in line with best practice.”

Fastway has engaged an IT consultancy to conduct an incident response and independent review of the cyber-attack.

Should you need further information please contact us on dp@fastway.ie

We are using cookies on our website

Please confirm, if you accept our tracking cookies. You can also decline the tracking, so you can continue to visit our website without any data sent to third party services.