Cyber Monday Deal: Up to 60% off InvestingProCLAIM SALE

U.S. Postal Service data breach may compromise staff, customer details

Published 11/10/2014, 02:39 PM
© Reuters A view shows U.S. postal service mail boxes at a post office in Encinitas
HD
-
TGT
-

By Doina Chiacu WASHINGTON (Reuters) - The U.S. Postal Service was the victim of a cyber attack that may have compromised the personal information of more than 800,000 employees, as well as data on customers who contacted its call center during the first eight months of this year.

Employee data may include names, dates of birth, Social Security numbers, addresses, beginning and end dates of employment and emergency contact information, the Postal Service said on Monday.

"The intrusion is limited in scope and all operations of the Postal Service are functioning normally," USPS spokesman David Partenheimer said in a statement.

The intrusion also may have compromised data on people who contacted the Postal Service Customer Care Center by telephone or email from January through Aug. 16, he said.

Partenheimer said the attack was carried out by a "sophisticated actor" not interested in identity theft or credit card fraud.

Cybersecurity experts said it was too soon to know who was behind the attack but agreed the Postal Service was a rich target.

"There's a lot of information there and it has great value," to nation-states like China or cybercriminals in Russia," said George Kurtz, chief executive of cybersecurity firm CrowdStrike.

"The U.S. Post Office moves billions of letters each year and all of that is captured digitally," Kurtz told Reuters. "The information flow of where letters and packages and correspondence are going and who is talking to whom is very interesting to them."

The Postal Service said it would pay for employees to get credit monitoring services for one year. The breach did not affect credit card data from retail or online services including Click-N-Ship, the Postal Store, PostalOne! or change of address services, it said.

Employee data breaches often come ahead of a wider attack.

Edward Ferrara, vice president at Forrester Research, said the data could be used to launch secondary phishing attacks or to gain information about government cyber defenses.

The FBI is leading the investigation. A bureau spokesman declined to provide details.

The Postal Service breach follows a cyber attack reported in August at a firm that performs background checks for U.S. government employees, US Investigations Services (USIS), which compromised the data of at least 25,000 workers.

Cyber attacks on retail outlets, such as Home Depot Inc (N:HD) and Target Corp (N:TGT), have been much larger, affecting tens of millions of customers.

U.S. Representative Elijah Cummings asked Postmaster General Patrick Donahoe in a letter Monday for more information on the attack.

© Reuters. A view shows U.S. postal service mail boxes at a post office in Encinitas

"The increased frequency and sophistication of cyber-attacks upon both public and private entities highlights the need for greater collaboration to improve data security," wrote Cummings, the senior Democrat on the House of Representatives Oversight and Government Reform Committee.

(Editing by Susan Heavey, Ros Krasny and Bernadette Baum)

Latest comments

Risk Disclosure: Trading in financial instruments and/or cryptocurrencies involves high risks including the risk of losing some, or all, of your investment amount, and may not be suitable for all investors. Prices of cryptocurrencies are extremely volatile and may be affected by external factors such as financial, regulatory or political events. Trading on margin increases the financial risks.
Before deciding to trade in financial instrument or cryptocurrencies you should be fully informed of the risks and costs associated with trading the financial markets, carefully consider your investment objectives, level of experience, and risk appetite, and seek professional advice where needed.
Fusion Media would like to remind you that the data contained in this website is not necessarily real-time nor accurate. The data and prices on the website are not necessarily provided by any market or exchange, but may be provided by market makers, and so prices may not be accurate and may differ from the actual price at any given market, meaning prices are indicative and not appropriate for trading purposes. Fusion Media and any provider of the data contained in this website will not accept liability for any loss or damage as a result of your trading, or your reliance on the information contained within this website.
It is prohibited to use, store, reproduce, display, modify, transmit or distribute the data contained in this website without the explicit prior written permission of Fusion Media and/or the data provider. All intellectual property rights are reserved by the providers and/or the exchange providing the data contained in this website.
Fusion Media may be compensated by the advertisers that appear on the website, based on your interaction with the advertisements or advertisers.
© 2007-2024 - Fusion Media Limited. All Rights Reserved.