Security breach reveals personal details of USPS employees and customers
The latest high-profile security breach has exposed the personal details of hundreds of thousand of USPS workers, as well as customers. The attack, which is suspected to originate from China, took place in the middle of September, but details are only just emerging. An investigation by the FBI started straight away and is still on-going.
USPS says that employee information such as "names, dates of birth, Social Security numbers, addresses, beginning and end dates of employment, emergency contact information" was compromised. The security breach also affects customers as call center data was obtained by the attackers, including "names, addresses, telephone numbers, email addresses".
The data of anyone who contacted Postal Service Customer Care Center between January 1 and August 16 is involved, but USPS stresses that there is no need for customers to take any action. It is not clear how many customers have been affected, but with more than 800,000 employees, the ramifications of the breach could be far-reaching.
USPS spokesman David Partenheimer said:
The privacy and security of data entrusted to us is of the utmost importance. We have recently implemented additional security measures designed to improve the security of our information systems, including certain actions this past weekend that caused certain systems to be off-line. We know this caused inconvenience to some of our customers and partners, and we apologize for any disruption.
This will come as little comfort to the employees whose personal data was revealed, but USPS has offered a year of free credit monitoring to help curtail any financial implication of the breach.
China has previously been accused of other security attacks on personal data, so this is far from unprecedented. Globally, there is something of a cold war situation as nations test the technological defenses of other countries. Former NSA general counsel Stewart A. Baker said:
It's perfectly appropriate for us to do everything we can to embarrass and punish the Chinese if they're in our systems, whether or not we're in theirs. It's the case that the US and Russia and other countries are much more cautious about getting caught because they think there are going to be consequences.
USPS said that payment system were not affected by the attack, pointing out that Click-N-Ship, the Postal Store, PostalOne!, change of address, and payments made on usps.com were not compromised.