WASHINGTON, D.C. — Cyber criminals have breached a United States Postal Service computer system to steal personal data, including social security numbers, belonging to more than 800,000 employees and retirees, the agency disclosed on Monday. A system containing customer data was also breached.
David Partenheimer, a spokesman for the independent government agency, said it recently became aware of the cyber attack, but provided no details about when it occurred, the manner in which it was carried out, or who was responsible. The Washington Post reported that Chinese government hackers were suspected of being behind the attack, but it provided no details about its source.
Partenheimer said more than 800,000 employees and retirees were affected when hackers breached U.S. Postal Service information systems earlier this year. "Information potentially compromised in the incident may include personally identifiable information about employees, including names, dates of birth, Social Security numbers, addresses, beginning and end dates of employment, emergency contact information and other information," he said.
The intrusion also compromised call center data for customers who contacted the Postal Service Customer Care Center with an inquiry between January 1 and August 16. Customer information taken includes names, addresses, telephone numbers, email addresses and other information that may have been provided as part of the inquiry, but it does not include social security numbers.
"The number affected from those that contacted the Customer Care Center remains under investigation," Partenheimer said when asked how many customers were impacted by the breach. CNN, citing a U.S. official familiar with the breach, reported that approximately 2.9 million customers were affected.
"It's an unfortunate fact of life these days that every organization connected to the Internet is a constant target for cyber intrusion activity. The United States Postal Service is no different," said Postmaster General Patrick Donahoe. "Fortunately, we have seen no evidence of malicious use of the compromised data and we are taking steps to help our employees protect against any potential misuse of their data."
U.S. Postal Service employees will be offered credit monitoring services for one year at no cost to mitigate any effects of the data theft, Partenheimer said. Such services will not be provided to affected customers, however, as the agency said it does not believe they will have to take any action.
"Regarding customer data, let me be clear: based on the current investigation, Postal Service transactional revenue systems in Post Offices as well as on usps.com where customers pay for services with credit and debit cards have not been affected by this incident," Donahoe said.
Some of the agency's information network systems were taken offline over the weekend as part of mitigation efforts, which caused some inconvenience to customers, but Donahoe said that it had "significantly strengthened" its systems in an effort to prevent cyber attacks in the future.
The United States Postal Service, with more than 31,100 retail locations and the most frequently visited website in the federal government, has an annual revenue of more than $67.3 billion and delivers about 40 percent of the world's mail volume. If it were a private sector company, the U.S. Postal Service would rank 45th in the 2013 Fortune 500.