Source:
US Postal Service says it was victim of data breach
by Wall Street Journal,
2014-11-11 17:39:06.0
MORE than 800,000 people, including employees, top directors and regulators, could be affected by a computer systems breach that may have compromised data including names, social security numbers and addresses, the US Postal Service said on Monday.
Employees, some retirees and staffers of the Postal Regulatory Commission, the US Postal Inspection Service and the Postal Service Office of the Inspector-General have been affected, the Postal Service said.
An unknown number of customers could also have been affected, though not to the same degree, officials said.
"Fortunately, we have seen no evidence of malicious use of the compromised data and we are taking steps to help our employees protect against any potential misuse of their data," Postmaster-General Patrick Donahoe said in a statement.
The organisation, he added, has significantly strengthened its systems to prevent future attacks.
The Postal Service said its revenue systems — including at post offices and online — weren’t compromised, and customers’ credit and debit card information weren’t affected.
However, customers who called the Postal Service’s customer-care centre between January 1 and August 16 may have had less-sensitive information — such as names, addresses, telephone numbers and e-mails — compromised.
Affected customers shouldn’t have to take any action, the postal service said. The agency was first alerted to suspicious activity in mid-September, and hackers breached its information systems some time after that, said spokesman David Partenheimer.
While the agency took immediate action, including bringing in experts to investigate and stop the attacks, it is only now informing the public and employees because it could have jeopardised remediation efforts, he said.
The source of the attack is still under investigation. It was "obviously done by a sophisticated person or group," Mr Partenheimer said.
"It looks like a similar pattern that other government agencies and large corporations had experienced."
In late October, a White House official said hackers recently had targeted computers there.
In July, US authorities said they were investigating an apparent breach of computer systems at the federal Office of Personnel Management, which stores data on federal employees.
In that instance, personnel records for federal employees applying for a security clearance were stolen from the government and one of its background check contractors. Federal investigators concluded China was behind the incident.
Investigators see some ties in the Postal Service breach to the government intrusions that were linked to China through digital evidence. The unknown hackers took similar, if less sensitive, data from the Postal Service. One person briefed on the probe said there was evidence pointing to China, but declined to elaborate.
The Washington Post earlier reported on the belief that Chinese hackers may have been behind the postal service hack. There also have been reports of high-profile data theft at companies, including Home Depot, Target and JPMorgan Chase, which resulted in the exposure of millions of customers’ data in the past year.
US corporate data thefts often have come from hackers based in China, Russia or the former Soviet Union, though that doesn’t mean the cyber attacks involve those governments. Hackers in those countries can act on their own and sell stolen data to other organisations, just like in the US.
The Federal Bureau of Investigation (FBI), which is leading the probe into the breach, advised postal employees to monitor and safeguard their personally identifiable information, and report suspected identity theft to its internet crime complaint centre.
FBI officials declined further comment.
The Postal Service said it would provide employees with free credit monitoring services for a year.
More Africa news from The Wall Street Journal
More news from The Wall Street Journal
Premium access to WSJ.com: $1 a week for 12 weeks
Picture: REUTERS
MORE than 800,000 people, including employees, top directors and regulators, could be affected by a computer systems breach that may have compromised data including names, social security numbers and addresses, the US Postal Service said on Monday.
Employees, some retirees and staffers of the Postal Regulatory Commission, the US Postal Inspection Service and the Postal Service Office of the Inspector-General have been affected, the Postal Service said.
An unknown number of customers could also have been affected, though not to the same degree, officials said.
"Fortunately, we have seen no evidence of malicious use of the compromised data and we are taking steps to help our employees protect against any potential misuse of their data," Postmaster-General Patrick Donahoe said in a statement.
The organisation, he added, has significantly strengthened its systems to prevent future attacks.
The Postal Service said its revenue systems — including at post offices and online — weren’t compromised, and customers’ credit and debit card information weren’t affected.
However, customers who called the Postal Service’s customer-care centre between January 1 and August 16 may have had less-sensitive information — such as names, addresses, telephone numbers and e-mails — compromised.
Affected customers shouldn’t have to take any action, the postal service said. The agency was first alerted to suspicious activity in mid-September, and hackers breached its information systems some time after that, said spokesman David Partenheimer.
While the agency took immediate action, including bringing in experts to investigate and stop the attacks, it is only now informing the public and employees because it could have jeopardised remediation efforts, he said.
The source of the attack is still under investigation. It was "obviously done by a sophisticated person or group," Mr Partenheimer said.
"It looks like a similar pattern that other government agencies and large corporations had experienced."
In late October, a White House official said hackers recently had targeted computers there.
In July, US authorities said they were investigating an apparent breach of computer systems at the federal Office of Personnel Management, which stores data on federal employees.
In that instance, personnel records for federal employees applying for a security clearance were stolen from the government and one of its background check contractors. Federal investigators concluded China was behind the incident.
Investigators see some ties in the Postal Service breach to the government intrusions that were linked to China through digital evidence. The unknown hackers took similar, if less sensitive, data from the Postal Service. One person briefed on the probe said there was evidence pointing to China, but declined to elaborate.
The Washington Post earlier reported on the belief that Chinese hackers may have been behind the postal service hack. There also have been reports of high-profile data theft at companies, including Home Depot, Target and JPMorgan Chase, which resulted in the exposure of millions of customers’ data in the past year.
US corporate data thefts often have come from hackers based in China, Russia or the former Soviet Union, though that doesn’t mean the cyber attacks involve those governments. Hackers in those countries can act on their own and sell stolen data to other organisations, just like in the US.
The Federal Bureau of Investigation (FBI), which is leading the probe into the breach, advised postal employees to monitor and safeguard their personally identifiable information, and report suspected identity theft to its internet crime complaint centre.
FBI officials declined further comment.
The Postal Service said it would provide employees with free credit monitoring services for a year.
More Africa news from The Wall Street Journal
More news from The Wall Street Journal
Premium access to WSJ.com: $1 a week for 12 weeks
Post a comment