4,500 Ontario Cannabis Store Customers Affected by Privacy BreachThe Canadian PressNovember 7, 2018
Learn About Cannabis in Canada
LAWS, LOCATIONS, STORE MENUS, AND MORE
“Both organizations have been working closely together since that time to investigate and take immediate action,” Canada Post said in a statement. “As a result, important fixes have been put in place by both organizations to prevent any further unauthorized access to customer information.’”
Canada Post notified the online cannabis store on Nov. 1 about the breach, both organizations said.
In a statement on Wednesday, the Ontario Cannabis Store said it referred the matter to the province’s privacy commissioner. The statement also said the store had “encouraged” Canada Post to take immediate action to notify its customers.
“To date, Canada Post has not taken action in this regard,” the store said in its statement. “Although Canada Post is making its own determination as to whether notification of customers is required in this instance, the OCS has notified all relevant customers.”
According to the online store, the compromised information included postal codes and the names or initials of the person who accepted delivery of the marijuana.
No other order details were included, such as the name of the person who made the order–unless it was the same as the individual who signed for delivery–or the actual delivery address or payment information, the statement said.
OCS said customers who did not receive an email notification were not part of the breach.
Ontario’s privacy commissioner had no immediate comment.
While marijuana ordered through the Ontario Cannabis Store is legal, privacy concerns are especially acute given the hard line taken by American authorities, who have made it clear that Canadians who admit to using pot could be refused entry to the US or deemed inadmissible for life.
“I wouldn’t say I am worried (about this breach) but I am concerned any time my personal information is hacked,” said one customer, who received the email from the cannabis store. “I would prefer you not use my name only because I might like to continue to be admissible to USA.”
According to the store, the breach occurred when an individual used the Canada Post tracking tool to access delivery data and also potentially affected customers of other Canada Post clients.
“The OCS has worked closely with Canada Post to identify the cause of this issue and to prevent any further unauthorized access to customer delivery information,” the store said. “Canada Post has advised that any information obtained was deleted and not further disclosed.”
Canada Post said it was confident the individual who accessed the information only shared it with Canada Post and deleted it without distributing further.