Personal information of Fastway customers compromised in cyber attack

A statement said that one of the company's IT systems "has been subject of a cyber-attack, the consequence of which has been that client data, including customers’ personal information, has been compromised."

Fastway said in a statement that “the data in question is information used for the purposes of delivery (including name, address, email and/or phone)”.

Data of 446,143 "parcel receivers" was accessed in the cyber-attack.

The company said: “No financial data or other personal data has been compromised, nor is this stored on any Fastway system.” 

The statement revealed: “The data compromised relates to Fastway deliveries, in-flight or undelivered parcels over a period of approximately 30 days from mid-January onwards.” 

 The statement added: “On learning of the cyber breach, Fastway advised the Data Protection Commission and the gardaí.

“Fastway has made the requisite data breach submission to the Data Protection Commission.” 

The statement explained: “The cyber-attack was identified by Fastway’s third-party IT development contractor on February 25th and was fully mitigated by 9am on February 26th.

“The third-party contractor advised Fastway of the breach on March 2nd.” 

Fastway CEO Danny Hughes has apologised for the breach.

“It is distressing that our IT system was compromised by a malicious hack as we are exceptionally careful in every aspect of our data protection obligations,” said Mr Hughes.

“I deeply regret that people’s personal data has been compromised and I apologise to our clients and their customers.

“I want to stress that nobody’s financial data was at risk and the issue is limited to delivery information only.

“We will continue to work closely with the DPC, the Gardaí and our clients to manage this situation in line with best practice.” 

The statement added the Fastway has engaged an IT consultancy “to conduct an incident response and independent review of the cyber-attack”.