Enough Is Enough: USPS Announces Data Breach
Adding to the flood of breaches in 2014, the United States Postal Service revealed that it was the victim of a cyber attack that compromised the information of more than 800,000 employees, directors and regulators, as well as the data of customers who contacted its call center between January and August of this year.
Those at risk include employees, retirees, employees of the Postal Regulatory Commission, the U.S. Postal Inspection Service and the Postal Service Office of Inspector General. Employee data could include: names, social security numbers, dates of birth, addresses, employment dates and emergency contact information.
"Fortunately, we have seen no evidence of malicious use of the compromised data and we are taking steps to help our employees protect against any potential misuse of their data," Postmaster General Patrick Donahoe said in a statement. In the meantime, systems have been significantly strengthened to prevent future attacks.
"The intrusion is limited in scope and all operations of the Postal Service are functioning normally," said USPS spokesman David Partenheimer in a statement.
Additional data may have been compromised on customers that contacted the Postal Service Customer Care Center by telephone or email during the same period. According to the Postal Service, its revenue systems including post offices and online, were not compromised and the information of credit and debit card customers is therefore safe. Additionally, the breach did not affect credit card data from retail or online services, including Click-N-Ship, the Postal Store, PostalOne! or change of address services.
While the source of the attack is still under investigation, it is evident that the attack was carried out by a "sophisticated person or group," said Partenheimer. "It looks similar to patterns that other government agencies and large corporations had experienced."
The FBI is leading the investigation.
The Postal Service held two briefings (October 22 and November 7) to update the staff of the House Committee on Oversight and Government Reform on potential attackers and the scope of the breach, according to a letter released by ranking member Rep. Elijah E. Cummings. The letter, addressed to the postmaster general, requested more information on the attack.
"The increasing number of cyber attacks in both the public and private sectors is unprecedented and poses a clear and present danger to our nation's security," said Rep. Cummings, adding that officials have warned that more than 500 million financial records have been stolen by hackers over the past 12 months.
Those at risk include employees, retirees, employees of the Postal Regulatory Commission, the U.S. Postal Inspection Service and the Postal Service Office of Inspector General. Employee data could include: names, social security numbers, dates of birth, addresses, employment dates and emergency contact information.
"Fortunately, we have seen no evidence of malicious use of the compromised data and we are taking steps to help our employees protect against any potential misuse of their data," Postmaster General Patrick Donahoe said in a statement. In the meantime, systems have been significantly strengthened to prevent future attacks.
"The intrusion is limited in scope and all operations of the Postal Service are functioning normally," said USPS spokesman David Partenheimer in a statement.
Additional data may have been compromised on customers that contacted the Postal Service Customer Care Center by telephone or email during the same period. According to the Postal Service, its revenue systems including post offices and online, were not compromised and the information of credit and debit card customers is therefore safe. Additionally, the breach did not affect credit card data from retail or online services, including Click-N-Ship, the Postal Store, PostalOne! or change of address services.
While the source of the attack is still under investigation, it is evident that the attack was carried out by a "sophisticated person or group," said Partenheimer. "It looks similar to patterns that other government agencies and large corporations had experienced."
The FBI is leading the investigation.
The Postal Service held two briefings (October 22 and November 7) to update the staff of the House Committee on Oversight and Government Reform on potential attackers and the scope of the breach, according to a letter released by ranking member Rep. Elijah E. Cummings. The letter, addressed to the postmaster general, requested more information on the attack.
"The increasing number of cyber attacks in both the public and private sectors is unprecedented and poses a clear and present danger to our nation's security," said Rep. Cummings, adding that officials have warned that more than 500 million financial records have been stolen by hackers over the past 12 months.