The U.S. Postal Service today reported that it has been the victim of a data breach which has potentially disclosed personal information not only about 500,000 USPS personnel, but also regarding customers who dealt with its call centre between January and August of 2014.
The USPS said in a statement: “The Postal Service has recently learned of a cyber security intrusion into some of our information systems. We began investigating this incident as soon as we learned of it,”
The details said to have been compromised are not believed to have included credit card or other financial critical information, but does include contact details including names and addresses, email addresses and phone details. The USPS runs an array of online and retail services, including PostalOne!, Postal Store and Click-N-Ship, but customer data regarding these services are also said not to have been made available during the attack.
The USPS has previously vaunted its invulnerability to cyber-attacks because of its use of the ‘relentless weapon’, the Corporate Information Security Office (CISO). The release reads: “Employees count on electronic communications for information sharing and financial transactions. That’s why the Postal Service™ aggressively protects customer and employee data by employing a relentless internal weapon — the Corporate Information Security Office (CISO).”
CISO gave advice about network security in the wake of the data incursion which exposed the details of 145mn Ebay users earlier this year.
According to the informational page about the Postal Service’s cyber-security, there were over 257 billion unauthorised attempts to access the USPS network, 66,734 attempts to distribute credit-card information, 1,278 attempts to reveal USPS-ordained credit-card transactions and 345,342 attempts to distribute social security numbers.
Though the FBI is reported to be investigating the incursion, no further details have been released about the manner or method of the attack on the USPS.