Possible data breach at CitySprint driver portal

DPDgroup owned same-day delivery firm CitySprint has had a driver information data leak after hackers attacked its iFleet portal.

On the 7th April, CitySprint sent an email to its self-employed drivers announcing the data breach. Its iFleet portal handles personal driver information including their driving licence details and weekly earnings.

CitySprint is reported to have shut down the system as soon as it learned that hackers had broken into the system. It claims that it can find no evidence data was stolen in the hack, though the carrier is investigating and may yet find otherwise.

The carrier is reported to have said in its email to its drivers, it has “deployed forensic cybersecurity experts to thoroughly and comprehensively investigate the incident and assess what data, if any, has been compromised.”

The email goes on, “Our security checks, which are not quite complete yet have shown that so far, no personal data was compromised. The remaining checks will confirm if any of your data may have been affected. Therefore, as a precautionary measure, we have informed the Information Commissioner’s Office of the incident.”

A spokesperson for CitySprint confirmed the event had taken place and said, “We recently detected an apparent malicious attempt by a third party to access confidential data from our courier management platform. As soon as this issue was discovered, we took immediate steps to close off external access to this, and launched a full and thorough investigation, led by independent cybersecurity experts. Now that this investigation has concluded, we are pleased to confirm that we believe that no personal data has been compromised. This incident has been reported to the proper authorities and we are in contact with couriers who contract with us about this as a matter of precaution.”