USPS newest federal agency to suffer a data breach

Nov 11, 2014

USPS Envelopes.jpgIt was announced this week that the United States Postal Service’s computer networks were hacked by attackers believed to be backed by the Chinese government.

The personal information of more than 800,000 employees, including the Postmaster General, was compromised during the breach. Employees of the Postal Regulatory Commission were also affected by the attack, as their personnel data was stored in a payroll system shared with USPS that was breached. Information exposed in the attack included names, addresses, Social Security numbers and dates of birth. Customers who contacted the Postal Service Customer Care Center by phone or through email between Jan. 1 and Aug. 16 were also affected by the intrusion, though officials have said that no financial data was taken.

According to USPS, the attacker appears to be sophisticated and has little interest in committing credit card fraud or identity theft.

“It is an unfortunate fact of life these days that every organization connected to the Internet is a constant target for cyber intrusion activity,” said Postmaster General Patrick Donahoe in a statement. “The United States Postal Service is no different. Fortunately, we have seen no evidence of malicious use of the compromised data and we are taking steps to help our employees protect against any potential misuse of their data.”

Cyber relations with China remain rocky
News of the breach was released by the USPS at the same time as President Obama’s arrival in China to attend an economic summit and participate in high-level talks with President Xi Jinping. While China has consistently denied that its government is involved in cybertheft, many security experts have noted similarities between the USPS breach and previous intrusions of federal IT services, including those affecting the Office of Personnel Management and government contractor USIS.

James Lewis, an expert on cyberpolicy at the Center for Strategic and International Studies, said that China is likely targeting the USPS in an effort to amass large sets of data to analyze in order to gain previously unknown insights. Lewis also said that China most likely mistakenly assumed that the USPS stores massive amounts of information on U.S. citizens like the Chinese post office does with theirs.

“They’re just looking for big pots of data on government employees,” said Lewis in an interview with The Washington Post. “For the Chinese, this is probably a way of building their inventory on U.S. persons for counterintelligence and recruitment purposes.”

The attack was discovered by the agency in mid-September, according to USPS officials, and the FBI is now heading an investigation into the matter. While the agency began planning how to remediate the effects of the breach immediately after they were made aware of it, the steps needed to repair the intrusion were not taken until last week, the Post reported.

Leaders of the House Oversight and Government Reform Committee have expressed outrage over the length of time it took the agency to inform employees of the breach. The committee is now “seeking information about why the administration waited two months before making the news of this attack public and preventing victims from taking proactive measures to secure their own information,” Nextgov reported.

Category: Cybersecurity