USPS Confirms Security Breach
This post has been updated with USPS Statement below.
The United States Postal Service has confirmed they have suffered a security breach that will affect at least 800,000 employees and customers who may have contacted the agency between Jan. 1 2014 and Aug. 16 2014. The hackers have been traced to the Chinese government and personal information is what the hackers have obtained. Federal agencies are already investigating including the FBI and our inside source indicates that initial media reports are downplaying the gravity of the situation.
“It’s an unfortunate fact of life these days that every organization connected to the Internet is a constant target for cyber intrusion activity,” Postmaster General and CEO Patrick Donahoe said.
“This compromised data consists of names, addresses, telephone numbers, email addresses and other information for those customers who may have provided this information. At this time, we do not believe that potentially affected customers need to take any action as a result of this incident,” the agency said.
The USPS was notified of the breach in September but did not take action until this weekend, a USPS spokesperson said acting too quickly would have resulted in more data being breached. For now this is all very cloak and dagger and currently this all the information we have on this security breach but we will update this post if we happen to get more information come through. For now it seems the damage is contained to employees personal information and customers who contacted the USPS via phone or email.
UPDATE – USPS Statement
Postal Service Statement on Cyber Intrusion Incident
The Postal Service has recently learned of a cyber security intrusion into some of our
information systems. We began investigating this incident as soon as we learned of it,
and we are cooperating with the investigation, which is ongoing. The investigation is
being led by the Federal Bureau of Investigation and joined by other federal and postal
investigatory agencies. The intrusion is limited in scope and all operations of the Postal
Service are functioning normally.
Information potentially compromised in the incident may include personally identifiable
information about employees, including names, dates of birth, Social Security numbers,
addresses, beginning and end dates of employment, emergency contact information and
Postal Service transactional revenue systems in Post Offices as well as on usps.com
where customers pay for services with credit and debit cards have not been affected by
this incident. There is no evidence that any customer credit card information from retail
or online purchases such as Click-N-Ship, the Postal Store, PostalOne!, change of
address or other services was compromised.
The intrusion also compromised call center data for customers who contacted the Postal
Service Customer Care Center with an inquiry via telephone or e-mail between Jan. 1,
2014, and Aug. 16, 2014. This compromised data consists of names, addresses,
telephone numbers, email addresses and other information for those customers who may
have provided this information. At this time, we do not believe that potentially affected
customers need to take any action as a result of this incident.
The privacy and security of data entrusted to us is of the utmost importance. We have
recently implemented additional security measures designed to improve the security of
our information systems, including certain actions this past weekend that caused certain
systems to be off-line. We know this caused inconvenience to some of our customers
and partners, and we apologize for any disruption.
We began communicating this morning with our employees about this incident,
apologized to them for it, and have let them know that we will be providing them with
credit monitoring services for one year at no charge to them. Employees also have the
personalized assistance available to them provided by the Human Resources Shared
Services Center. We are committed to helping our employees deal with this situation.
Manager, Media Relations
U.S. Postal Service