U.S. Postal Service Confirms Data Breach

[Audrey McNeil <audrey () riskbasedsecurity com>]

http://www.databreachtoday.com/us-postal-service-confirms-data-breach-a-7545

The Federal Bureau of Investigation is leading an investigation into a data
breach at the U.S. Postal Service, which affected employees and customers.

In a Nov. 10 statement, which provides few details, USPS says it recently
learned of a "cybersecurity intrusion" into some of its information
systems. All operations are now functioning normally, according to the
statement.

More than 800,000 employees were impacted in the breach, says David
Partenheimer, spokesperson for the USPS. Employee information potentially
compromised includes names, dates of birth, Social Security numbers,
addresses, beginning and end dates of employment and emergency contact
information.

Customers who contacted the Postal Service Customer Care Center with an
inquiry via telephone or e-mail between Jan. 1 and Aug. 16 were also
potentially affected, athough USPS is still investigating the exact number
of individuals impacted, Partenheimer says. Potentially compromised
customer details include names, addresses, telephone numbers and e-mail
addresses.

CNN, citing a U.S. official familiar with the breach, says 2.9 million
postal service customers were affected by the breach.

Some news reports are indicating China may be behind the attacks, though
Partenheimer says he cannot confirm that because "the source of the
intrusion is under investigation."

Transactional systems in post offices, as well as on usps.com, where
customers pay for services with credit and debit cards, have not been
affected by the breach, USPS says. There is also no evidence that any
customer credit card information from retail or online purchases, such as
Click-N-Ship, the Postal Store, PostalOne!, change of address or other
services was compromised, officials say.

No Evidence of Fraud

The USPS says it's not aware of any evidence that any of the potentially
compromised customer or employee information has been used to engage in
malicious activity.

Impacted individuals are being offered one year of free identity theft
protection services, Partenheimer says.

In addition to the FBI, the USPS is working on the investigation with the
Department of Justice, the USPS Office of Inspector General, the Postal
Inspection Service and the U.S. Computer Emergency Readiness Team.
Private-sector specialists have also been brought in to assist in the
investigation and remediation.

"We have recently implemented additional security measures designed to
improve the security of our information systems, including certain actions
this past weekend that caused certain systems to be offline," Partenheimer
says. "We know this caused inconvenience to some of our customers and
partners, and we apologize for any disruption."

_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss
For inquiries regarding use or licensing of data, e-mail
        sales () riskbasedsecurity com 

Supporters:

Risk Based Security (http://www.riskbasedsecurity.com/)
YourCISO is an affordable SaaS solution that provides a comprehensive information security program that ensures focus 
on the right security.  If you need security help or want to provide real risk reduction for your clients contact us!