Over the weekend of April 23rd, Aeropost, the technology partner to Mailpac Group, reported a data breach on its platform. This breach resulted in customer data, including credit card details for a small percentage of Mailpac’s customers being compromised. Even though Aeropost maintains all customer information in an encrypted form and under a PCI certified zone, their security monitoring protocol identified unusual activity on a server used for file management.
Aeropost moved swiftly to address the problem once it became known, contacting all affected Mailpac customers, and responding to concerns of those who were impacted. Additionally, Aeropost prompted these customers to take additional measures to review their account statements and request replacement cards from their banks.
Fortunately, Aeropost was able to neutralize the breach quickly and has further secured the platform to prevent recurrence in the future. All card and login data for Mailpac customers – which the Aeropost platform accesses via tokenization – have since been deleted from the platform as an added security measure.
We do not expect this breach to have any material impact on the company or its shareholders.