Mailpac customers affected by Aeropost data breach
Olivia Brown/Gleaner Writer
Courier company Mailpac Group Limited, and Florida, United States-based logistics management and package delivery company, Aeropost, have come under fire over an email informing customers of a credit card breach.
One customer shared that the email stated that her credit card had been "compromised," and she should check her credit card statement for fraudulent transactions and report same to the credit card issuer.
The email also advised that customers request a credit card replacement.
The email read: "We regret to inform you that the credit card you have on file may have been compromised in a recent data breach. Although our systems safely store your credit card information encrypted, it may be possible that enforcers attempt to run transactions."
The statement went further, advising customers that their Aeropost account credentials were reset and deleted as a preventative measure.
Khary Robinson, chief operating officer of Mailpac Group Ltd, said he was cognisant of the breach, but noted that the breach was on the part of Aeropost International.
Aeropost is Mailpac's technology and logistics handling partner.
According to Robinson, only a small percentage of customers had been affected. "From our understanding, it's a small base of customers. It was only customers who had an account type called card on file, for a specific transaction type," he explained.
The customer, however, is irate and is criticising the company for downplaying the issue.
She contends that she had entrusted her business to Mailpac for the last four years, and is dissatisfied that she was not given much information surrounding the reported breach.
"At minimum, there is some amount of information they need to provide because I don't know why I should trust them for any future transactions. The way they presented it's like, 'Oh, we have notified you and that's it. It's now your problem' and I think that's a little too easy. I don't think they're really owning the issue because obviously a breach of what is supposedly a secured platform means the platform was not secured," she told The Gleaner.
"I find the manner in which Mailpac/Aeropost advised its customers of this data breach much too cavalier. It lacks information regarding the date of the breach, what caused hackers to be able to breach their platform, and what they are doing to mitigate against future occurrences," the irate customer said.
She related that the situation has left her on tenterhooks, especially since she had suffered a similar fate on two separate occasions,where fraudulent transactions were registered on her credit cards.
"They're not very open about this data breach. I think it's a general issue in Jamaica where fraud is not taken very seriously," said the customer.
The customer disclosed that she had card on file account with the courier company, which puts her in the percentage of customers Robinson indicated were affected.
"The basis for Mailpac to do customs clearance for their customers, is that they know their customers are paying them, so they keep your card on file so they automatically charge you," she explained.
Robinson says he regrets the situation, adding, "It is very unfortunate and we are working with our partner Aeropost to understand the situation and ensure that all the steps are taken to remedy the current situation and deter any future occurrences."
Robinson told The Gleaner that the Aeropost team has assured that the issue was rectified.
Note: A previous headline of this story incorrectly stated that the breach was with Mailpac. The breach affected Aeropost, which impacted Mailpac customers.
Follow The Gleaner on Twitter and Instagram @JamaicaGleaner and on Facebook @GleanerJamaica. Send us a message on WhatsApp at 1-876-499-0169 or email us at email@example.com or firstname.lastname@example.org.