The U.S. Postal Service on Monday said it has fixed a technical glitch on its website that may have exposed the personal information of more than 60 million customers.
The vulnerability impacted USPS Informed Visibility, an online portal that allows businesses and advertisers access to "near real-time" tracking of mail and package shipments. An anonymous cybersecurity researcher discovered that the service’s website had a flaw that allowed anyone with a USPS account to view or, in some cases, modify account information for other users, cybersecurity blog KrebsOnSecurity reported.
The USPS said it hasn’t uncovered any evidence to suggest that the flaw “was leveraged to exploit customer records.” The glitch has been corrected.
“Any information suggesting criminals have tried to exploit potential vulnerabilities in our network is taken very seriously,” the USPS said in a statement. “Out of an abundance of caution, the Postal Service is further investigating to ensure that anyone who may have sought to access our systems inappropriately is pursued to the fullest extent of the law.”
KrebsOnSecurity reported earlier this month that the U.S. Secret Service had issued a warning that identity thieves may be exploiting flaws in the USPS online system to steal packages.
President Trump ordered a review of the USPS’ practices last April, noting that the mail services has lost $65 billion since 2008. The USPS announced plans to hike prices for elements of its service last October.
Correction note: This story originally identified USPS' "InformedDelivery" service as the source of the glitch.