The US Postal Service (USPS) announced Monday that it was the victim of a cyberattack. The initial release offered little information on what type of data was compromised other than employee information that “may include personally identifiable information about employees, including names, dates of birth, Social Security numbers, addresses, beginning and end dates of employment, emergency contact information and other information,” and some call center data from the beginning of 2014 to mid-August.
The breach was discovered in September and reported to Congress on Oct. 22 in a classified briefing. Transactional information from USPS.com and branches were not breached during the attack.
A USPS spokesman told NPR that more than 800,000 employees could be affected. The origin of the attack is unclear at this time but the Washington Post speculated that it may be China, yet again, on a tip from an anonymous source. The breach comes at the same time President Obama is visiting China in an effort to find some common ground on several issues which may include cybersecurity.
“A joint working group set up to tackle cybercrime abruptly stopped meeting after American prosecutors filed hacking charges against several Chinese military officers,” reported the New York Times. “Mr. Obama raised the issue of cybercrime with Mr. Xi at their first leader-to-leader meeting at the Sunnylands estate in Rancho Mirage, Calif., in June 2013. By all accounts, that conversation did not go well, and the dialogue has only gotten testier since then.”
Last week Admiral Mike Rogers, the director of the National Security Agency and commander of US Cyber Command, spoke at a question and answer session at Stanford University’s Center for International Security & Cooperation. He said nation states are definitely involved in cyber attacks against the US and “most of them have come to the conclusion that there is little risk of having to pay a price for this is in real terms.”
Hacks originating in China are sometimes politically motivated and serious enough the the US government considered blocking visas to Chinese nationals that want to attend popular US hacking conferences. Earlier this year the New York Times reported that Chinese hackers accessed US government networks looking for information regarding employees who applied for security clearance.
The USPS joins the long list of organizations hacked this year. Banking giant JP Morgan, Target, Neiman Marcus, Home Depot, Kmart and Dairy Queen have all had issues with cybersecurity attacks or malware. Andrew Avanessian, EVP of Avecto Consultancy & Technology Services revealed in an interview with the WHIR that the majority of cybersecurity attacks and malware downloads can be avoided with simple security measures.
Frequency of cybersecurity breaches and hacks are causing people anxiety. A recent Harris poll found American’s concern over cybersecurity is even higher than worries over national security.
Forrester security analyst Edward Ferrara told USA Today that the USPS hack is an opportunity for criminals to learn how the US government networks function. “Everyone realizes that the next true conflict that’s going to be fought is going to be launched not with an artillery barrage but a cyber barrage,” Ferrara said in the report.
The USPS said that it is committed to helping its employees deal with the situation. It is offering a year of credit monitoring services for free for one year. It will also have help provided by the Human Resources Shared Services Center.
“The privacy and security of data entrusted to us is of the utmost importance. We have recently implemented additional security measures designed to improve the security of our information systems, including certain actions this past weekend that caused certain systems to be off-line,” USPS Manager of Media Relations David Partenheimer said in a prepared statement. “We know this caused inconvenience to some of our customers and partners, and we apologize for any disruption.”