Follow us:
  1. Home
  2. News
  3. Cybersecurity News

The Weekly Hack: Canada’s postal service says data on cannabis customers was stolen

A woman saw $1,600 disappear from her bank account after her Facebook profile was hacked

Photo (c) weerapakiatdumrong - Getty Images
Canada’s postal service recently admitted that unknown hackers stole information about consumers ordering recreational cannabis.

The hackers used Canada Post's online delivery tracking tool to steal information on 4,500 people ordering weed from a new legal dispensary in Ontario.

Such a breach can have serious implications for Canadians. Though cannabis is now legal in Canada, United States officials have indicated that they still refuse to recognize Canada’s marijuana legalization law.

U.S. Custom and Border Patrol recently threatened to deny entry to Canadians who are found to partake under the new laws. Locals are worried that United States federal authorities may try to access data on Canadian weed consumers.

“American authorities have an endless appetite for information they deem to be of national security interest and a dubious track record for how that information is used, as plenty of people discovered with the advent of no-fly lists,” says a recent editorial by the board of the Toronto Star newspaper.

The newspaper is also critical of a stipulation in Canada's pot legalization law that requires all legal users to submit their information into a government database.

“A data breach of any kind is the last thing legal pot sales in Ontario needs,” the paper adds.

Facebook and bank hack may be related

First Rachel Rivera got a call from her friends that her Facebook had been hacked and that someone was using her profile to message strange links to her contacts. Then she received an email from Facebook the next day that her password had been reset, even though she had yet to do so herself.

When she checked her bank statements, she saw that $1,600 worth of funds had been withdrawn from her account.

Rivera reported the theft to authorities and her bank, which credited her for the loss, but she told a local news station in Milwaukee that she believes the two hacks are related and is deleting her Facebook account.

The story may make people wary about Facebook’s feature that allows users to send and request money over messenger. But Rivera insists that she never used that or any feature that would have provided her bank details to Facebook. Or at least she thought she didn’t.

"People don't realize how much information they have on the internet,” an FBI special agent told WLOX.


The Hongkong and Shanghai Banking Corporation (HSBC) recently admitted to California regulators that unknown hackers accessed detailed personal and financial data on it its customers. HSBC detected the breach October 14 and recently alerted authorities and consumers on November 2; a state law in California requires corporations that do business in the state to notify consumers and authorities of all breaches.

“We have enhanced our authentication process for HSBC Personal Internet Banking, adding an extra layer of security,” says the HSBC statement to consumers. The bank is also, as has become standard in similar hacks, offering consumers free identity theft monitoring for a year.

The data accessed includes personal information, as well as account information and account history.


The North Korean hacking group Lazarus, infamous for its hack on Sony Pictures in the wake of the film The Interview, stole millions of dollars from ATMs across Asia and Africa, according to a new report by cybersecurity firm Symantec.

The firm speculates that Lazarus is more interested in stealing cold, hard cash than in advancing any government agenda, though Lazarus does have links to the North Korean government.  

Girl scouts

The Girl Scouts of Orange county recently notified its troops under California data disclosure laws that attackers accessed its email account on September 30. The email account has information about troop members’ birthdays, emails, home addresses, and health insurance information.

The chapter told troops that it recommends “that you monitor accounts,” but Girl Scouts apparently won’t be footing the bill. Instead, the Orange County chapter recommends that troops sign on to CreditKarma, the monitoring service that is already free.

Healthcare, everywhere

Over a million people across the country had their personal data accessed in healthcare breaches in October, according to a  report by Modern Healthcare.

The worst breach occurred in Texas, where 1.2 million people who receive benefits under the  Employees Retirement System of Texas had their data accessed.

Take an Identity Theft Quiz

Get matched with an Accredited Partner

    Share your comments