Parcelforce customer data compromised

Company: Parcelforce
Date: 9th June 2009
Information Compromised: Customer Data, including signatures
Cause: Modification to system without audit
Details: Personal data including the signatures of recipients has been exposed to those tracking deliveries on the Parcelforce website.

Customers sending a package with Parcelforce Worldwide are given a reference number which allows them to track the progress of the delivery.

Reference numbers entered into the "track and trace" feature on the Parcelforce website, a series of unconnected deliveries was revealed.

Although the same reference number was typed in, the specifics of parcels with other reference details were displayed.

Within the space of 30 minutes, the system handed out details of parcels in Cleveland, Swansea and even awaiting customs clearance en route from Shanghai.

These included some parcels that had already been delivered. On the page declaring "proof of delivery", the name and postcode at its destination were shown, alongside a reproduction of the signature of the recipient.

 
See Also: