CitySprint, a same-day delivery company, has issued a warning to couriers after discovering a data breach that may have given hackers access to sensitive personal information.
A security issue was confirmed in an email sent to hundreds of drivers on April 7th.
Self-employed drivers transport items across the UK for CitySprint, which was recently acquired by package delivery behemoth DPD Group.
These drivers provide personal information to CitySprint using the company's iFleet interface, which includes photos of their driver's licence, car shots, and weekly earnings data.
The delivery company claims that it shut down the iFleet system and restricted access to it as soon as it became aware of "the incident."
CitySprint currently claims that it has no confirmation that personal data has been accessed, but it does not rule out the possibility. For the time being, the business's investigations are ongoing, and it has deployed forensic cybersecurity professionals to completely and comprehensively examine the event and analyse what data, if any, has been exposed.
It states, “Our security checks, which are not quite complete yet have shown that so far, no personal data was compromised. The remaining checks will confirm if any of your data may have been affected. Therefore, as a precautionary measure, we have informed the Information Commissioner’s Office of the incident.”
CitySprint claims it takes personal data protection "very seriously" and is investigating IT working processes across the company.
Some drivers are clearly dissatisfied with the way the company handles their personal information.
CitySprint includes several pieces of advice in its email for drivers on what to do if their personal information is compromised online.
Change their passwords to something strong and unique, enable two-factor authentication on accounts that provide it, and consider signing up for an identity theft protection service.
On 13th April, CitySprint offered the following statement, “We recently detected an apparent malicious attempt by a third party to access confidential data from our courier management platform. As soon as this issue was discovered, we took immediate steps to close off external access to this and launched a full and thorough investigation, led by independent cybersecurity experts.
Now that this investigation has concluded, we are pleased to confirm that we believe that no personal data has been compromised. This incident has been reported to the proper authorities and we are in contact with couriers who contract with us about this as a matter of precaution.”