WASHINGTON- Yet another data breach, this one involving the US Postal Service, was reported today. The data breach is reported to have effected primarily employee information.
The information compromised includes names, dates of birth, Social Security numbers, addresses, and dates of employment. The number of employees effected could be upwards of 500,000.
Not only current employees, but also former employees and retirees could have also been effected.
The breach, reported today, is said to have been discovered mid-September by FBI officials. The breach occurred in the systems of the Office of Personal Management and of a contractor USIS that conducts the security clearance checks.
Although the report says that customer information that was used on usps.com was not affected, however people who did contact call centers from January 1st to August 16th are at risk. Of the people who contacted call centers, names, addresses, telephone numbers, and email addresses may have been breached.
This past weekend the US Postal Service has added safeguards to help prevent further incidents from happening.
In a formal statement sent to the Vermont Center for Community Journalism the US Postal Service said:
The Postal Service has recently learned of a cyber security intrusion into some of our information systems. We began investigating this incident as soon as we learned of it, and we are cooperating with the investigation, which is ongoing. The investigation is being led by the Federal Bureau of Investigation and joined by other federal and postal investigatory agencies. The intrusion is limited in scope and all operations of the Postal Service are functioning normally.
Information potentially compromised in the incident may include personally identifiable information about employees, including names, dates of birth, Social Security numbers, addresses, beginning and end dates of employment, emergency contact information and other information.
Postal Service transactional revenue systems in Post Offices as well as on usps.com where customers pay for services with credit and debit cards have not been affected by this incident. There is no evidence that any customer credit card information from retail or online purchases such as Click-N-Ship, the Postal Store, PostalOne!, change of address or other services was compromised.
The intrusion also compromised call center data for customers who contacted the Postal Service Customer Care Center with an inquiry via telephone or e-mail between Jan. 1, 2014, and Aug. 16, 2014. This compromised data consists of names, addresses, telephone numbers, email addresses and other information for those customers who may have provided this information. At this time, we do not believe that potentially affected customers need to take any action as a result of this incident.
The privacy and security of data entrusted to us is of the utmost importance. We have recently implemented additional security measures designed to improve the security of our information systems, including certain actions this past weekend that caused certain systems to be off-line. We know this caused inconvenience to some of our customers and partners, and we apologize for any disruption.
We began communicating this morning with our employees about this incident, apologized to them for it, and have let them know that we will be providing them with credit monitoring services for one year at no charge to them. Employees also have the personalized assistance available to them provided by the Human Resources Shared Services Center. We are committed to helping our employees deal with this situation.
Manager, Media Relations
U.S. Postal Service
The Vermont Center For Community Journalism will keep you posted as more information becomes available.