A few days ago, Radio Kraków reported that contact details of the company's customers leaked from InPost's database. It turns out that the sensational reports of the radio reporter have not been properly documented, and InPost is of the opinion that no leak of personal data has occurred.
Recently in the pages of gsmManiaKa you could read that one of the Kraków Radio reporters, after logging into their account, InPost gained the opportunity to observe every subsequent order in the system – also from clients other than the reporter. The case seemed serious – among the information to which access was obtained in this way, allegedly were contact details covered by the RODO regulations.
Radio Krakow apologizes for providing false information
Today we already know that the electrifying reports of Radio Krakow do not have coverage in facts. The mentioned material disappeared from the internet service of the radio, and its authors were forced to publish a correction with the following content:
Radio Krakow apologizes to InPost for providing false information about data leakage and having "documented information on over 7 400,000 shipments. Each order has personal details such as a phone number, e-mail address, often made of names and surnames, and – in many cases – the exact address of the recipient and the sender "- Radio Krakow was not and is not in possession of such data.
The content of the apology was also confirmed by InPost on its FB profile. Interestingly, some time after the publication of the correction has disappeared from the radio – at the time of writing these words only a blank page is visible.
InPost – this is not a data leak, only an application error
Although the information about Radio Krakow has not been documented, the fact is that InPost had technical problems with the Manager Pack application – only on a smaller scale than Radio Krakow reported. This is even confirmed by the official position of the company , to which we referred a few days ago and in which you can read:
On 18-19.03.2019, during the update of the Manager Pack application (https://manager.paczkomaty.pl), an incident related to the display of information on shipments to some users of the application was not identified by the currently logged in user. The incident concerned 0.04% of users we identified strictly. Incidents occurred periodically and were short-lived. The data covered the scope given by the sender in the website.
InPost also confirmed that the incident message was reported to the Office for Personal Data Protection, which is a standard procedure in such situations. An additional security has been introduced which will prevent a similar error in the future. Sources: 1 , 2