13 June 2024 – Geopost provides Information on Cybersecurity Incident
Geopost announces having identified a cybersecurity incident consisting of a recent unauthorized access to a database operated by its subsidiary in Spain. After becoming aware of the incident, the company proactively informed the National Cybersecurity Institute (INCIBE) and the Spanish Data Protection Agency (AEPD), for the appropriate purposes, and promptly began an investigation with the assistance of cybersecurity experts.
This investigation allows to confirm that the compromised data is limited to those necessary for the provision of the transport service, i.e. name, surname, postal address, email address, and in certain cases, telephone number.
Geopost also confirms having taken, with its Spanish subsidiary, all the necessary measures to manage the incident and mitigate its impact, guaranteeing that our response has been immediate, and our security system reinforced. More specifically, the remediation measures include a range of security actions such as password renewals, formatting of affected devices, improvements in network security, real-time monitoring and improvements in the automation of response to suspicious events to protect our systems and information.
This case, which is not a ransomware situation, may lead to the use of the stolen data for spamming or phishing attempts. We therefore invite our senders or receiving customers to increase their level of precaution with regards to suspicious email or telephone calls from unknown contacts.
Interested parties are invited to contact the Data Protection Officer of Geopost SA through the email address dpo@geopost.com to answer your questions, expand on the available information or receive useful advice.
Fraudulent Calls, Texts and Emails
We advise our customers to be extra vigilant of fraudulent communications.
Please be mindful that fraudsters are capitalising at present and we have received some reports of sources purporting to be from DPD requesting payment for delivery of parcels.
- Please be aware that VAT and customs duty will be applicable (depending on value of goods) for parcel recipients who are based in the Republic of Ireland.
- If you are buying goods from GB, the Seller may collect the VAT and Duty from you prior to dispatch of goods.
- If not, then DPD will declare goods on your behalf and will collect duties and taxes from you in advance of delivery.
- DPD will be contacting you via email and/or SMS requesting payment of the applicable taxes and duties.
We have outlined full details of this process on our dedicated Brexit Consumer Page. Here you will find the process for making payment and a detailed guide showing you the communication type you can expect to receive from DPD Ireland.
We ask you to be extra vigilant.
How to Recognise Fraudulent Texts & Emails
- The email/text has a generic greeting, for example, “Dear User”
- It tells a story to try to persuade you to click a link or open an attachment
- Often claims there is a problem with your payment information
- Asks you to confirm personal information
- Wants you to follow a link to make a payment
- Includes misspelling or bad grammar
- The sender’s email address looks suspicious
*Below are some of the examples of fraudulent communications that have been brought to our attention. If you think a scammer has your information, like your Social Security, credit card, or bank account number, go to your local Garda Station