Commport Communications

Commport Communications, operating as Commport, is a Canadian company that functions as a third-party supplier of shipping manifest data services, primarily for postal service commercial customers. Its core operational role involves the processing, management, and secure handling of shipment details, including recipient names and physical addresses, which are essential for logistics and delivery operations. The company's business model is business-to-business, supporting the postal and courier sector by maintaining accurate and accessible manifest records for a large volume of parcels. The scale of data it handled is evidenced by a single incident affecting nearly 950,000 individuals, indicating a significant responsibility for sensitive customer information within the supply chain. No specific information is available regarding its broader market reach, additional product lines, or the precise scope of its client base beyond this relationship. The company's activities place it within the data management and logistics support niche, where reliability and security are critical competencies for maintaining service continuity for its postal service partners.

In December 2020, Commport was the victim of a ransomware attack attributed to the Lorenz cybercriminal group, which resulted in a significant data breach. The attack compromised the company's systems, leading to the theft and subsequent public leak of shipping manifest data belonging to commercial customers of a postal service. The exposed information primarily consisted of recipient names and addresses, with a smaller subset of records also containing email addresses or telephone numbers; forensic analysis confirmed that no financial data was accessed or exfiltrated. Following the discovery of the breach, Commport engaged external cybersecurity experts to investigate the incident, contain the threat, and remediate vulnerabilities. The company also fulfilled its regulatory obligations by notifying relevant privacy authorities about the personal information exposure. The Lorenz group publicly claimed responsibility for the attack and the data theft, directly linking the incident to their operational tactics. This event underscores the critical risk that third-party suppliers pose to the data security of large organizations and highlights the targeted nature of ransomware groups against the logistics and supply chain sector. The breach remains a documented incident in the company's history, reflecting a material failure in its cybersecurity defenses at that time.