FBI Investigating Postal Service Cyber Attack
The U.S. Postal Service announced Nov. 10 that it had recently learned of a cyber security intrusion into some of its information systems. Employees' information, not customers' data, may have been compromised.
The U.S. Postal Service and several other agencies are investigating a cyber attack on the USPS information systems, the agency announced Nov. 10, adding that employees' data, rather than customers' sensitive information, may have been compromised. USPS posted a FAQ document about the intrusion that said, "We are unaware of any evidence that any of the compromised information has been used to engage in any malicious activity."
USPS has more than 500,000 employees -- about 490,000 career employees and another 137,037 non-career employees as of Jan. 21, 2014, according to data available on its website. USPS said it is offering employees one year of free credit monitoring but is not offering that to customers because its investigation has not shown there is any need for customer credit monitoring as a result of this intrusion. The investigation also has found no evidence of any customer data being compromised from the passport application process.
"We are working closely with the Federal Bureau of Investigation, Department of Justice, the USPS Office of Inspector General, the Postal Inspection Service and the U.S. Computer Emergency Readiness Team. The Postal Service has also brought in private sector specialists in forensic investigation and data systems to assist with the investigation and remediation to ensure that we are approaching this event in a comprehensive way, understanding the full implications of the cyber intrusion and putting in place safeguards designed to strengthen our systems," one answer in the document explained.
The FBI is leading the investigation.
"[Employee] information potentially compromised in the incident may include personally identifiable information about employees, including names, dates of birth, Social Security numbers, addresses, beginning and end dates of employment, emergency contact information and other information," according to the USPS statement. "Postal Service transactional revenue systems in Post Offices as well as on usps.com where customers pay for services with credit and debit cards have not been affected by this incident. There is no evidence that any customer credit card information from retail or online purchases such as Click-N-Ship, the Postal Store, PostalOne!, change of address or other services was compromised. The intrusion also compromised call center data for customers who contacted the Postal Service Customer Care Center with an inquiry via telephone or e-mail between Jan. 1, 2014, and Aug. 16, 2014. This compromised data consists of names, addresses, telephone numbers, email addresses and other information for those customers who may have provided this information. At this time, we do not believe that potentially affected customers need to take any action as a result of this incident."