In a Reuters article today we learned that the US Postal Service (USPS) was victim of a cyber attack that may have compromised the personal data of more than 800,000 employees, as well as customers who contacted their call center between January and August of 2014.
Employee data includes names, date of birth, social security numbers, addresses, employee state and end dates, as well as emergency contact information.
“The intrusion
is limited in scope and all operations of the Postal Service are functioning normally,” USPS spokesman David Partenheimer said in a statement.
The intrusion also may have compromised data on people who contacted the Postal Service Customer Care Center by telephone or email from January through Aug. 16, he said.
Partenheimer said the attack was carried out by a “sophisticated actor” not interested in identity theft or credit card fraud.
Cybersecurity experts said it was too soon to know who was behind the attack but agreed the Postal Service was a rich target.
“There’s a lot of information there and it has great value,” to nation-states like China or cybercriminals in Russia,” said George Kurtz, chief executive of cybersecurity firm CrowdStrike.
“The U.S. Post Office moves billions of letters each year and all of that is captured digitally,” Kurtz told Reuters. “The information flow of where letters and packages and correspondence are going and who is talking to whom is very interesting to them.”
The Postal Service said it would pay for employees to get credit monitoring services for one year. The breach did not affect credit card data from retail or online services including Click-N-Ship, the Postal Store, PostalOne! or change of address services, it said.
More info on the egregious breach of data can be found here.