US Postal Service (USPS)ย has confirmed of a recent data breach in which personal data of its employees and customers contacting the UPS call center may have been compromised
The US Postal service said in a statement that some of itsย information systems were breached in a cyber intrusion in mid-September. The Washington post said that officials denied to comment on who they think to be behind the attack. however it is believed that hackers connected with state actors from Chinese Government may have been involved.
The intrusion may have caused the personal data ofย more than 800,000 employees being compromised includingย personally identifiable information about employees, including names, dates of birth, Social Security numbers, addresses, beginning and end dates of employment, emergency contact information and other information.
Customers personal data who contacted its customer care call center or connected its Customer care service via emailย betweenย ย Jan. 1, 2014, and Aug. 16, 2014 is also been compromised which includesย names, addresses, telephone numbers, email addresses and other information of the customers who provided it to UPS call center.
Thankfully, no credit or debit card related payment data was affected by the breach.
Postal Service transactional revenue systems in Post Offices as well as on usps.com where customers pay for services with credit and debit cards have not been affected by this incident. There is no evidence that any customer credit card information from retail or online purchases such as Click-N-Ship, the Postal Store, PostalOne!, change of address or other services was compromised. USPS said in a press release.
USPSย said Investigation is still going on which is lead by theย FBI,ย and joined by other federal and postal investigatory agencies. The letter written by UPS to all the affected employees as well as customers is reproduced below.
Nov. 10, 2014
Contact: David Partenheimer
[email protected]
202.268.2599Postal Service Statement on Cyber Intrusion Incident
The Postal Service has recently learned of a cyber security intrusion into some of our information systems. We began investigating this incident as soon as we learned of it, and we are cooperating with the investigation, which is ongoing. The investigation is being led by the Federal Bureau of Investigation and joined by other federal and postal investigatory agencies. The intrusion is limited in scope and all operations of the Postal Service are functioning normally.
Information potentially compromised in the incident may include personally identifiable information about employees, including names, dates of birth, Social Security numbers, addresses, beginning and end dates of employment, emergency contact information and other information.
Postal Service transactional revenue systems in Post Offices as well as on usps.com where customers pay for services with credit and debit cards have not been affected by this incident. There is no evidence that any customer credit card information from retail or online purchases such as Click-N-Ship, the Postal Store, PostalOne!, change of address or other services was compromised.
The intrusion also compromised call center data for customers who contacted the Postal Service Customer Care Center with an inquiry via telephone or e-mail between Jan. 1, 2014, and Aug. 16, 2014. This compromised data consists of names, addresses, telephone numbers, email addresses and other information for those customers who may have provided this information. At this time, we do not believe that potentially affected customers need to take any action as a result of this incident.
The privacy and security of data entrusted to us is of the utmost importance. We have recently implemented additional security measures designed to improve the security of our information systems, including certain actions this past weekend that caused certain systems to be off-line. We know this caused inconvenience to some of our customers and partners, and we apologize for any disruption.
We began communicating this morning with our employees about this incident, apologized to them for it, and have let them know that we will be providing them with credit monitoring services for one year at no charge to them. Employees also have the personalized assistance available to them provided by the Human Resources Shared Services Center. We are committed to helping our employees deal with this situation.
David Partenheimer
Manager, Media Relations
U.S. Postal Service
The FAQ about the intrusion put up by USPS is given below