The United States Postal Service (USPS) announced on Monday that an investigation is underway – led by the FBI and joined by other federal and postal investigatory agencies – with regard to a cyber security intrusion into some of its information systems.
More than 800,000 USPS employees may be affected, including those that work for USPS' regulator, the Postal Regulatory Commission, as well as for the Postal Inspection Service and the Postal Service Office of Inspector General (OIG), David Partenheimer, manager of media relations with the USPS, told SCMagazine.com in a Monday email correspondence.
The employee information that may have been compromised includes names, addresses, dates of birth, Social Security numbers, beginning and end dates of employment and emergency contact information, according to a release issued on Monday by Partenheimer, which adds that other information may have been affected as well.
The incident also affected call center data, the release indicated. Customers who made telephone or email inquiries to the Postal Service Customer Care Center between Jan. 1 and Aug. 16 may have had information compromised, including names, addresses, telephone numbers, email addresses and other information.
“The number of customers impacted by calling the Customer Care Center is under investigation,” Partenheimer told SCMagazine.com. “No social security information was involved in those cases.”
The source of the attack is currently under investigation, Partenheimer said, but The Washington Post reported on Monday that Chinese government hackers are suspected of breaching the computer networks of the USPS.
“Postal Service transactional revenue systems in Post Offices as well as on usps.com where customers pay for services with credit and debit cards have not been affected by this incident,” the release indicates. “There is no evidence that any customer credit card information from retail or online purchases such as Click-N-Ship, the Postal Store, PostalOne!, change of address or other services was compromised.”
USPS has taken steps to improve the security of its information systems, and began notifying all employees of the incident on Monday morning, the release indicates, adding that staffers will be offered a free year of credit monitoring services. Customers whose call center data was possibly compromised do not need to take any action, according to the release.
In a statement emailed to SCMagazine.com on Monday, Edward Ferrara, security analyst at Forrester Research, said that this could be an example of nation state adversaries looking for information to be used in phishing attacks or fraud.
“This could also be an attempt to further probe aspects of the United States government's cyber defenses in the unclassified areas of government operations,” Ferrara said.