FBI Investigating Postal Service Cyber Attack

The U.S. Postal Service announced Nov. 10 that it had recently learned of a cyber security intrusion into some of its information systems. Employees' information, not customers' data, may have been compromised.

The U.S. Postal Service and several other agencies are investigating a cyber attack on the USPS information systems, the agency announced Nov. 10, adding that employees' data, rather than customers' sensitive information, may have been compromised. USPS posted a FAQ document about the intrusion that said, "We are unaware of any evidence that any of the compromised information has been used to engage in any malicious activity."

USPS has more than 500,000 employees -- about 490,000 career employees and another 137,037 non-career employees as of Jan. 21, 2014, according to data available on its website. USPS said it is offering employees one year of free credit monitoring but is not offering that to customers because its investigation has not shown there is any need for customer credit monitoring as a result of this intrusion. The investigation also has found no evidence of any customer data being compromised from the passport application process.

"We are working closely with the Federal Bureau of Investigation, Department of Justice, the USPS Office of Inspector General, the Postal Inspection Service and the U.S. Computer Emergency Readiness Team. The Postal Service has also brought in private sector specialists in forensic investigation and data systems to assist with the investigation and remediation to ensure that we are approaching this event in a comprehensive way, understanding the full implications of the cyber intrusion and putting in place safeguards designed to strengthen our systems," one answer in the document explained.

The FBI is leading the investigation.

"[Employee] information potentially compromised in the incident may include personally identifiable information about employees, including names, dates of birth, Social Security numbers, addresses, beginning and end dates of employment, emergency contact information and other information," according to the USPS statement. "Postal Service transactional revenue systems in Post Offices as well as on usps.com where customers pay for services with credit and debit cards have not been affected by this incident. There is no evidence that any customer credit card information from retail or online purchases such as Click-N-Ship, the Postal Store, PostalOne!, change of address or other services was compromised. The intrusion also compromised call center data for customers who contacted the Postal Service Customer Care Center with an inquiry via telephone or e-mail between Jan. 1, 2014, and Aug. 16, 2014. This compromised data consists of names, addresses, telephone numbers, email addresses and other information for those customers who may have provided this information. At this time, we do not believe that potentially affected customers need to take any action as a result of this incident."

Download Center

HTML - No Current Item Deck
  • Free Safety Management Software Demo

    IndustrySafe Safety Management Software helps organizations to improve safety by providing a comprehensive toolset of software modules to help businesses identify trouble spots; reduce claims, lost days, OSHA fines; and more.

  • Complete Online Safety Training Courses

    Deliver state-of-the art, online safety training courses to your organization with IndustrySafe Training Management Software. Generate reports to track training compliance and automatically notify learners of upcoming or overdue classes.

  • Easy to Use Safety Inspection App

    Conduct inspections on the go with IndustrySafe’s mobile app. Complete safety audits at job sites and remote locations—with or without web access.

  • Track Key Safety Performance Indicators

    IndustrySafe’s Dashboard Module allows organizations to easily track safety KPIs and metrics. Gain increased visibility into your business’ operations and safety data.

  • Analyze Incident Data and Maintain OSHA Compliance

    Collect relevant incident data, analyze trends, and generate accurate regulatory reports, including OSHA 300, 300A, and 301 logs, through IndustrySafe’s extensive incident reporting and investigation module.

  • Industry Safe
comments powered by Disqus