Postal Service Statement on Cyber Intrusion Incident
The Postal Service has recently learned of a cyber security intrusion into some of our information systems. We began investigating this incident as soon as we learned of it, and we are cooperating with the investigation, which is ongoing. The investigation is being led by the Federal Bureau of Investigation and joined by other federal and postal investigatory agencies. The intrusion is limited in scope and all operations of the Postal Service are functioning normally.
Information potentially compromised in the incident may include personally identifiable information about employees, including names, dates of birth, Social Security numbers, addresses, beginning and end dates of employment, emergency contact information and other information.
Postal Service transactional revenue systems in Post Offices as well as on usps.com where customers pay for services with credit and debit cards have not been affected by this incident. There is no evidence that any customer credit card information from retail or online purchases such as Click-N-Ship, the Postal Store, PostalOne!, change of address or other services was compromised.
The intrusion also compromised call center data for customers who contacted the Postal Service Customer Care Center with an inquiry via telephone or e-mail between Jan. 1, 2014, and Aug. 16, 2014. This compromised data consists of names, addresses, telephone numbers, email addresses and other information for those customers who may have provided this information. At this time, we do not believe that potentially affected customers need to take any action as a result of this incident.
The privacy and security of data entrusted to us is of the utmost importance. We have recently implemented additional security measures designed to improve the security of our information systems, including certain actions this past weekend that caused certain systems to be off-line. We know this caused inconvenience to some of our customers and partners, and we apologize for any disruption.
We began communicating this morning with our employees about this incident, apologized to them for it, and have let them know that we will be providing them with credit monitoring services for one year at no charge to them. Employees also have the personalized assistance available to them provided by the Human Resources Shared Services Center. We are committed to helping our employees deal with this situation.
Added: A source tells ABC News the attack originated in China.
Statement by Mark Dimondstein, President, American Postal Workers Union:
The American Postal Workers Union is outraged by revelations that employee information has been compromised by a “cyber intrusion” of the U.S. Postal Service data systems.
Postal management is responsible for protecting employee privacy. We intend to make sure the USPS takes steps to prevent such a breach from happening again and that employees are protected from any negative consequences resulting from the breach.
Although we are deeply distressed by the exposure of confidential employee information, we are pleased that the cyber attack does not seem to have involved postal customers. Our members are committed to providing excellent service to the people of our country.