The United States Postal Service on Monday warned workers that their data had been compromised.
The breach affects not only letter carriers who walk their delivery routes and those who work in the inspector general’s office but also the postmaster general himself.
The Washington Post spoke to unnamed officials who said that the attack had actually been discovered in mid-September.
The USPS briefed Congress about the attacks in two classified meetings, on 22 October and 7 November. It made the intrusions public on Monday.
In its public statement, the USPS said that in addition to employee details, information about customers who called or emailed the agency’s Customer Care Center between 1 January and 16 August this year was also compromised.
The stolen customer information includes names, email addresses and phone numbers.
The exposed employee data may include names, dates of birth, Social Security numbers, addresses, dates of employment and more, officials said.
The total number of affected people isn’t clear, although the Washington Post reported that every USPS employee’s information was exposed. The service employs over 800,000 people.
Postal Service spokesman David Partenheimer told the AP that customers at local post offices or those using its website, usps.com, weren’t affected.
That means that the breach doesn’t involve customer credit card information from post offices or online purchases at usps.com.
The attacks happened in mid-September, Partenheimer said.
The Washington Post’s sources said that the attack was carried out by “a sophisticated actor” who was not, apparently, interested in identity theft or credit card fraud.
But, just in case, FBI spokesman Joshua Campbell said any suspected instances of identity theft should be reported to the FBI’s Internet Crime Complaint Center.
At any rate, Postmaster General Patrick Donahoe said in a statement that so far, the USPS hasn’t seen any fraud connected to the compromised data:
It is an unfortunate fact of life these days that every organization connected to the internet is a constant target for cyber intrusion activity. The United States Postal Service is no different.
Fortunately, we have seen no evidence of malicious use of the compromised data and we are taking steps to help our employees protect against any potential misuse of their data.
The FBI is leading an investigation into the attack.Follow @NakedSecurity