Security Watch

Keeping Track of patches and hacks in the IT security world.

U.S. Postal Service Breach Puts Employees, Some Customers at Risk

Call center data was compromised, impacting up to 800,000 employees, as well as an undisclosed number of customers.


The United States Postal Service (USPS) today revealed that it was the victim of a cyber-intrusion incident against its systems. The USPS emphasized in a statement that all operations are currently working normally and that the intrusion was limited in scope.

According to a statement from the USPS sent to eWEEK, "Information potentially compromised in the incident may include personally identifiable information about employees, including names, dates of birth, Social Security numbers, addresses, beginning and end dates of employment, emergency contact information and other information."

Although the USPS statement does not indicate the scope, a report in the Washington Post alleges that 800,000 employees are at risk.

The USPS also notes that an undisclosed number of customers may have been impacted if they contacted the post office's customer care centers with an email or phone inquiry between Jan. 1 and Aug. 16, 2014. For customers, the USPS has noted that phone and email information may have been stolen.

There is no evidence that credit card information was stolen from either the employee or customer information that attackers may have obtained.

In terms of who may be responsible, the USPS stated that the Federal Bureau of Investigation (FBI) and other federal agencies are investigating the incident. The Washington Post report alleges that hackers in China are behind the USPS attack.

At the end of October, the White House network was breached, allegedly by attackers in Russia. In the White House incident, network administrators took part of the network offline to limit risk. The USPS also took part of its network offline to fix the issue.

"We have recently implemented additional security measures designed to improve the security of our information systems, including certain actions this past weekend that caused certain systems to be off-line," the USPS said in a statement.

The fact that no financial information was stolen from the USPS doesn't make the event any less important. Attackers now have information on USPS employees that potentially could be a gateway to some other malicious activities. The bottom line here is that in the modern world, all systems are targets, whether from common criminals or nation-state attacks.

Sean Michael Kerner is a senior editor at eWEEK and Follow him on Twitter @TechJournalist.

Sean Michael Kerner

Sean Michael Kerner

Sean Michael Kerner is an Internet consultant, strategist, and contributor to several leading IT business web sites.