USPS Reveals Cyber Breach Affects Employees, Customers
The U.S. Postal Service (USPS) announced yesterday that a "cyber security intrusion" compromised some of its information systems, affecting employees and some customers.
Exposed employee information included names, birth dates, Social Security numbers, addresses, employment dates, emergency contact information and other information. Employees were informed of the incident yesterday morning and offered one year of free credit monitoring.
While the hack did not include any credit or debit card information from purchases at retail locations or usps.com, those who contacted the Postal Service Customer Care Center via phone or e-mail between Jan. 1 and Aug. 16 may be affected. In those cases, compromised data included names, addresses, telephone numbers, email addresses and other information. At this time, USPS does not believe customers have to take any action as a result of the incident.
"The privacy and security of data entrusted to us is of the utmost importance," David Partenheimer, USPS media relations manager said in a statement released yesterday. "We have recently implemented additional security measures designed to improve the security of our information systems, including certain actions this past weekend that caused certain systems to be off-line. We know this caused inconvenience to some of our customers and partners, and we apologize for any disruption."
The breach affected 750,000 employees and retirees, along with 2.9 million customers, according to CNN.
It was first discovered in September, according to The Washington Post. Immediate disclosure from USPS would have jeopardized the remedial actions, including this past weekend's updates, according to the agency.
The Washington Post also reported that Chinese government hackers are suspected of the cyber attacks. The USPS has only described the attacker as a sophisticated actor who did not appear to be interested in identity theft or credit card fraud.
“It is an unfortunate fact of life these days that every organization connected to the Internet is a constant target for cyber intrusion activity,” Postmaster General Patrick Donahoe said in a statement to The Washington Post. “The United States Postal Service is no different. Fortunately, we have seen no evidence of malicious use of the compromised data and we are taking steps to help our employees protect against any potential misuse of their data.”
USPS is working with the FBI and other federal and postal agencies during this investigation. All USPS operations are functioning normally, according to authorities. Any suspected cases of identity theft should be reported to the FBI's Internet Crime Complaint Center at www.ic3.gov.
For more information, visit www.usps.com.