Tuesday 26 March 2019, Security guide

InPost malfunction, data leak

Lost24

During the update cycle of one of InPost’s applications, Package Manager, an error occurred that allowed third parties to access the shipping data of other users. According to Radio Krakow, after logging in to certain accounts, users could access sensitive client data of over 7.4 million users. As a result, third parties had unauthorized access to phone numbers, e-mail addresses and shipping addresses. What’s more, they could also monitor orders registered in the system.


In connection with the situation, InPost has issued the following statement: “On 18-19.03.2019, during the update of the Package Manager application (https://manager.paczkomaty.pl), an incident occurred related to the display of shipping information for packages that were not linked to the currently logged-in accounts. The incident concerned 0.04% of users, whom we have dutifully identified. The incident occurred periodically and was short-lived. The scope of data covered the information given by the sender on the website. Appropriate preventive actions were immediately carried out by our IT teams. Immediately a solution was introduced which prevented access to the information concerning shipments. In accordance with the procedure regarding the security of personal data of the Integer.pl group, the incident was reported to the Office for Personal Data Protection.”


As stated above, the incident was reported to the OPDP. InPost apologized to users for the problems.