Same-day delivery firm CitySprint has warned couriers it has suffered a data breach that may have allowed hackers to access their sensitive personal data.
An email sent on April 7th to thousands of drivers confirming that a security breach had occurred.
CitySprint, which was recently acquired by parcel delivery giant DPD Group, uses self-employed drivers to deliver packages across the UK.
Those drivers share personal information with CitySprint via the company’s iFleet portal – information which includes photos of their driving license, vehicle pictures, and records of their weekly earnings.
The delivery firm says that as soon as it became aware of “the incident”, it shut down the iFleet system and removed access to it.
CitySprint currently says it has no evidence about personal data having been accessed, but an absence of evidence doesn’t mean it hasn’t happened. For now, its investigations continue, and the company has “deployed forensic cybersecurity experts to thoroughly and comprehensively investigate the incident and assess what data, if any, has been compromised.”
Our security checks, which are not quite complete yet have shown that so far, no personal data was compromised. The remaining checks will confirm if any of your data may have been affected. Therefore, as a precautionary measure, we have informed the Information Commissioner’s Office of the incident.
CitySprint says it takes the protection of personal data “very seriously,” and is reviewing IT working practices across the organisation.
In its email, CitySprint goes on to offer a series of tips to drivers on what action they should take if their personal data is compromised online.
These include changing their passwords to something strong and unique, enabling two-factor authentication on accounts which offer the additional level of security, and to consider signing up for identity theft protection service.
At the time of writing I can find no public acknowledgement of the incident on CitySprint’s website, meaning that anyone who is considering signing up as a delivery driver for the firm may be unaware that a security breach has recently occurred.
Found this article interesting? Follow Graham Cluley on Twitter to read more of the exclusive content we post.