BreachExchange mailing list archives
U.S. Postal Service Confirms Data Breach
From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Mon, 10 Nov 2014 19:12:50 -0700
http://www.databreachtoday.com/us-postal-service-confirms-data-breach-a-7545 The Federal Bureau of Investigation is leading an investigation into a data breach at the U.S. Postal Service, which affected employees and customers. In a Nov. 10 statement, which provides few details, USPS says it recently learned of a "cybersecurity intrusion" into some of its information systems. All operations are now functioning normally, according to the statement. More than 800,000 employees were impacted in the breach, says David Partenheimer, spokesperson for the USPS. Employee information potentially compromised includes names, dates of birth, Social Security numbers, addresses, beginning and end dates of employment and emergency contact information. Customers who contacted the Postal Service Customer Care Center with an inquiry via telephone or e-mail between Jan. 1 and Aug. 16 were also potentially affected, athough USPS is still investigating the exact number of individuals impacted, Partenheimer says. Potentially compromised customer details include names, addresses, telephone numbers and e-mail addresses. CNN, citing a U.S. official familiar with the breach, says 2.9 million postal service customers were affected by the breach. Some news reports are indicating China may be behind the attacks, though Partenheimer says he cannot confirm that because "the source of the intrusion is under investigation." Transactional systems in post offices, as well as on usps.com, where customers pay for services with credit and debit cards, have not been affected by the breach, USPS says. There is also no evidence that any customer credit card information from retail or online purchases, such as Click-N-Ship, the Postal Store, PostalOne!, change of address or other services was compromised, officials say. No Evidence of Fraud The USPS says it's not aware of any evidence that any of the potentially compromised customer or employee information has been used to engage in malicious activity. Impacted individuals are being offered one year of free identity theft protection services, Partenheimer says. In addition to the FBI, the USPS is working on the investigation with the Department of Justice, the USPS Office of Inspector General, the Postal Inspection Service and the U.S. Computer Emergency Readiness Team. Private-sector specialists have also been brought in to assist in the investigation and remediation. "We have recently implemented additional security measures designed to improve the security of our information systems, including certain actions this past weekend that caused certain systems to be offline," Partenheimer says. "We know this caused inconvenience to some of our customers and partners, and we apologize for any disruption."
_______________________________________________ Dataloss Mailing List (dataloss () datalossdb org) Archived at http://seclists.org/dataloss/ Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss For inquiries regarding use or licensing of data, e-mail sales () riskbasedsecurity com Supporters: Risk Based Security (http://www.riskbasedsecurity.com/) YourCISO is an affordable SaaS solution that provides a comprehensive information security program that ensures focus on the right security. If you need security help or want to provide real risk reduction for your clients contact us!
Current thread:
- U.S. Postal Service Confirms Data Breach Audrey McNeil (Nov 17)