You are Here
CitySprint confirms security breach, warns delivery drivers their personal data may be in the hands of hackers
Cyber Security

CitySprint confirms security breach, warns delivery drivers their personal data may be in the hands of hackers

3 min read

CitySprint confirms security breach, warns delivery drivers their personal data may be in the hands of hackers

Same-day delivery firm CitySprint has warned couriers it has suffered a data breach that may have allowed hackers to access their sensitive personal data.

An email sent on April 7th to thousands of drivers confirming that a security breach had occurred.

Citysprint email

CitySprint, which was recently acquired by parcel delivery giant DPD Group, uses self-employed drivers to deliver packages across the UK.

Those drivers share personal information with CitySprint via the company’s iFleet portal – information which includes photos of their driving license, vehicle pictures, and records of their weekly earnings.

EmailSign up to our newsletter
Security news, advice, and tips.

The delivery firm says that as soon as it became aware of “the incident”, it shut down the iFleet system and removed access to it.

CitySprint currently says it has no evidence about personal data having been accessed, but an absence of evidence doesn’t mean it hasn’t happened. For now, its investigations continue, and the company has “deployed forensic cybersecurity experts to thoroughly and comprehensively investigate the incident and assess what data, if any, has been compromised.”

Our security checks, which are not quite complete yet have shown that so far, no personal data was compromised. The remaining checks will confirm if any of your data may have been affected. Therefore, as a precautionary measure, we have informed the Information Commissioner’s Office of the incident.

CitySprint says it takes the protection of personal data “very seriously,” and is reviewing IT working practices across the organisation.

In its email, CitySprint goes on to offer a series of tips to drivers on what action they should take if their personal data is compromised online.

These include changing their passwords to something strong and unique, enabling two-factor authentication on accounts which offer the additional level of security, and to consider signing up for identity theft protection service.

At the time of writing I can find no public acknowledgement of the incident on CitySprint’s website, meaning that anyone who is considering signing up as a delivery driver for the firm may be unaware that a security breach has recently occurred.

Found this article interesting? Follow Graham Cluley on Twitter to read more of the exclusive content we post.

Graham Cluley is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s when he wrote the first ever version of Dr Solomon’s Anti-Virus Toolkit for Windows. Now an independent security analyst, he regularly makes media appearances and is an international public speaker on the topic of computer security, hackers, and online privacy.

Follow him on Twitter at @gcluley, or drop him an email.

Share
Facebook Twitter Pinterest Linkedin

Related Posts

Leave a Reply

Your email address will not be published. Required fields are marked *