U.S. Postal Service Targeted In Cyber Attack; Customer, Employee Data Breached

Benjamin Franklin, first Postmaster General. Source: screen shot from USPS illustrated booklet, "The United States Postal Service: An American History, 1775-2006."

Benjamin Franklin, first Postmaster General. Source: screen shot from USPS illustrated booklet, “The United States Postal Service: An American History, 1775-2006.”

There have been cyber attacks on banks, retail outlets, U.S. government sites and sites operated by U.S. government contractors.

And now the FBI is investigating an attack on the U.S. Postal Service.

In some ways, the attack might be viewed by Americans as the most personally violative to date. Virtually the whole of America — from the largest of cities to the smallest of towns — has contact with USPS six days a week. In 1775, U.S. founding father Benjamin Franklin was appointed by the Continental Congress as the first postmaster general of the fledgling Democracy. The famous “Pony Express” would not begin for another 85 years.

Early reports have described the attack as massive, one that has affected 2.9 million USPS customers and hundreds of thousands of USPS employees.

From a statement by USPS (italics added):

The Postal Service has recently learned of a cyber security intrusion into some of our information systems. We began investigating this incident as soon as we learned of it, and we are cooperating with the investigation, which is ongoing. The investigation is being led by the Federal Bureau of Investigation and joined by other federal and postal investigatory agencies. The intrusion is limited in scope and all operations of the Postal Service are functioning normally.

Information potentially compromised in the incident may include personally identifiable information about employees, including names, dates of birth, Social Security numbers, addresses, beginning and end dates of employment, emergency contact information and other information.

Postal Service transactional revenue systems in Post Offices as well as on usps.com where customers pay for services with credit and debit cards have not been affected by this incident. There is no evidence that any customer credit card information from retail or online purchases such as Click-N-Ship, the Postal Store, PostalOne!, change of address or other services was compromised.

The intrusion also compromised call center data for customers who contacted the Postal Service Customer Care Center with an inquiry via telephone or e-mail between Jan. 1, 2014, and Aug. 16, 2014. This compromised data consists of names, addresses, telephone numbers, email addresses and other information for those customers who may have provided this information. At this time, we do not believe that potentially affected customers need to take any action as a result of this incident.

The privacy and security of data entrusted to us is of the utmost importance. We have recently implemented additional security measures designed to improve the security of our information systems, including certain actions this past weekend that caused certain systems to be off-line. We know this caused inconvenience to some of our customers and partners, and we apologize for any disruption.

We began communicating this morning with our employees about this incident, apologized to them for it, and have let them know that we will be providing them with credit monitoring services for one year at no charge to them. Employees also have the personalized assistance available to them provided by the Human Resources Shared Services Center. We are committed to helping our employees deal with this situation.

 

About the Author

One Response to “U.S. Postal Service Targeted In Cyber Attack; Customer, Employee Data Breached”

  1. Now, the National Oceanic and Atmospheric Administration, which includes the National Weather Service.

    http://www.washingtonpost.com/local/chinese-hack-us-weather-systems-satellite-network/2014/11/12/bef1206a-68e9-11e4-b053-65cea7903f2e_story.html

    Patrick