Postal Service says it is victim of cyberattack; employee data may have been compromised
The U.S. Postal Service said Monday it had been hacked, potentially compromising sensitive information about its employees such as names and addresses, Social Security numbers, emergency contacts and other information.
The FBI said it was leading a multi-agency investigation into the breach, which took effect in mid-September. The intrusion was similar to those reported by other federal agencies as well as in the private sector. The agency isn't recommending that its customers take any action.
"The intrusion is limited in scope, and all operations of the Postal Service are functioning normally," said Postal Service spokesman David Partenheimer.
He said that customers at local post offices or those using its website, usps.com, were not affected, but that people who used its call center may have had telephone numbers, email addresses and other information compromised.
Partenheimer said the attacks affected Postal Service workers across the board, from the postmaster general to letter carriers to those who work in the inspector general's office.
The Postal Service provided no immediate information on how many people may have been affected. It said it employs over 800,000 workers.
Mark Dimondstein, president of the American Postal Workers Union, called the hacking "troubling."
"We're starting to get feedback immediately. People are concerned," Dimondstein said in an interview.
He said that, so far, the hacking "doesn't seem to have affected the public at all and doesn't seem to have affected credit cards, bank accounts and things like that."
"What we don't know is whether the Postal Service did everything they could to protect the employees," he said.
He said the union did not get a heads-up about the two breaches from the Postal Service officials even though they happened weeks ago.
However, the agency did notify congressional staffers about the hacking in classified briefings on October 22 and November 7, said Rep. Elijah Cummings of Maryland, senior Democrat on the House Oversight and Government Reform Committee.
"The increased frequency and sophistication of cyber-attacks upon both public and private entities highlights the need for greater collaboration to improve data security," Cummings wrote Monday in a letter to Postmaster General Patrick Donahoe.
In a statement, Donahoe depicted cyber-attacks as "an unfortunate fact of life these days" for every organization connected to the Internet. "The United States Postal Service is no different."
"Fortunately, we have seen no evidence of malicious use of the compromised data, and we are taking steps to help our employees protect against any potential misuse of their data," the postmaster general said.
The issue is sure to come up at a previously scheduled Postal Service public meeting on Friday morning at agency headquarters here.
FBI spokesman Joshua Campbell confirmed his agency is leading a multi-agency investigation of the hacking but declined to discuss details.
"Impacted individuals should take steps to monitor and safeguard their personally identifiable information and report any suspected instances of identity theft to the FBI's Internet Crime Complaint Center at www.ic3.gov," he said.
The Postal Service said disclosing the breach when it first occurred could have jeopardized the agency's efforts to fix the problem.
Follow Tom Raum on Twitter: http://www.twitter.com/tomraum