According to the agency, over 800,000 employees of the USPS have had their personal data stolen from the postal service’s servers. When you consider that the USPS employs just under 500,000 people (below 800,000 in the 90’s) then you realize that the data stolen includes both current and former employees of the USPS. The data breach mostly affects employees of the USPS rather than customers who may have done business with them. They do state that the USPS’ customers that have done business with them between the months of July and August may have had their contact information lost, but no credit card or payment data was obtained by the hackers.
The USPS has a long and detailed FAQ that answers consumers questions about the data breach and whether or not their data has been compromised. The interesting thing about this breach is that it isn’t a typical breach where hackers are going after customer data or going after credit card data or passwords. The hackers in this specifically went after the employee data of the USPS and were able to gain access to what appears to be all of it. The USPS isn’t clearly saying what employee data had been stolen, but the USPS official release states that it the data stolen includes, “The employee information potentially compromised in the incident included some employee personally identifiable information (PII), such as names, dates of birth, Social Security numbers, addresses and other information including beginning and end dates of employment, and emergency contact information.”
The other huge problem with this breach is that the USPS did not communicate this breach, which occurred in mid-September until now, almost two whole months later. This would mean that the employees that got hacked have had their information out and about without their knowledge for the past two months which means anyone could have caused financial ruin for the employees of the USPS. The fact is that the American Postal Workers Union should be absolutely up in arms about this and should sue the USPS for breaching their duty to protect and properly notify their employees of such risks in a timely fashion. We’ve already gotten quite angry with retailers taking a month to tell us that our credit card numbers have been stolen, yet even more personal potentially ruining data was kept from USPS employees for nearly 2 months.
There are currently no official suspects or leads in the case, but some publications are indicating that the attack may have come from Chinese hackers.
There is one more interesting tidbit in this USPS story, and that’s the fact that the USPS has taken this event as an opportunity to take a dig at the New York Times for their piece about the USPS and their involvement in tracking Americans’ mail. Here is the question and answer, verbatim.
Q: I’m concerned about a New York Times article that mentioned “surveillance” of mail. Is this connected with the cyber-intrusion incident and what is meant by “mail covers”?
A: The New York Times article is unrelated to the cyber breach. The New York Times article titled ‘Report Reveals Wider Tracking of Mail in U.S.’ published on Tuesday, October 28, 2014 is extremely disappointing. The article is inaccurate and unfairly presents a one-sided version of the facts. First and foremost, the United State Postal Service respects the privacy of its customers and the sanctity of the mail. Contrary to what is suggested in the article, the Postal Service does not monitor the mail behavior of its customers and it does not maintain any system or program of so-called “surveillance.” Unfortunately, and perhaps to create a news story where there is none, the New York Times article conflates three independent mail programs in order to create the wholly false impression that there is some vast mail monitoring system in operation. While such an assertion may make for a more interesting news article – it is not based on the facts. Mail covers are used for criminal investigations. The increased use of mail covers in 2013 and 2014 is connected to single packages investigated involving illegal drug shipments. Eighty percent of all mail covers in 2014 were related to these important investigations. All other mail covers have actually decreased by more than 30 percent since 2012. It is unfortunate that the New York Times presented such a distorted view of the facts. Its readership would have benefited from a more even-handed approach. The Postal Service processed and delivered 158 billion pieces of mail last year, of which only a tiny percentage was subjected to the mail cover process. The people who need to be concerned about mail covers are those who use the U.S. Mail to ship illegal drugs or who are otherwise breaking the law.