Cyber warfare is a very real and ongoing thing, taking place across multiple fronts on the international theater. To that extent, it's of no surprise that every month there's a seemingly different company or organization that comes into the spotlight as the latest victim in the battle. November's latest high-profile target ─ that we're aware of ─ is our very own United States Postal Service.
According to Postmaster General Patrick Donahoe, the big hancho overseeing the agency, 800,000 employees' personal data, including social security numbers, dates of birth, addresses, and dates of employment, have been stolen. Stolen information may also include the phone numbers and home addresses of customers who've contacted USPS customer service. On the plus side ─ if there can even be one once your Social Security number is taken ─ credit information from post offices or online purchases at USPS.com was untouched.
“It's an unfortunate fact of life these days that every organization connected to the internet is a constant target for cyber intrusion activity,” Donahoe wrote in a statement. “The United States Postal Service is no different. Fortunately, we have seen no evidence of malicious use of the compromised data.”
Interestingly enough, USPS had learned about the data breach as far back as September, but concealed the issue from its employees until Nov. 10, 2014, stating that it did not want to inform employees until the problem could be resolved. “We notified employees as soon as we were able to without jeopardizing the remediation efforts. Earlier notification could have resulted in additional files being compromised,” a spokesperson told Gizmodo.
Although the FBI is currently investigating the hack, it is unclear who is actually responsible for it. In an interview with The Washington Post, James A. Lewis, a cyber-policy expert at the Center for Strategic and International Studies, alleged that it makes sense for China to be target a federal agency such as a post office. That's because China may be under the assumption that the U.S. postal service holds a vast array of personal information on its citizens, much like the majority of state-owned postal services. This data can potential analyzed for previously unseen patterns.
“They’re just looking for big pots of data on government employees,” says Lewis. “For the Chinese, this is probably a way of building their inventory on U.S. persons for counterintelligence and recruitment purposes.”
The New York Times offers a different explanation: rather than collecting personal information, the objective may have been to conduct reconnaissance and form an understanding as to how federal systems operate and link together.
As far as the public is concerned, it's unclear who is actually responsible for the hacking; the Chinese government repeatedly denies accusations of engaging in cyber-theft, citing the actions are prohibited by Chinese law. Nevertheless, the incident is worrisome because it shows that foreign entities are making progress in plotting how U.S. infrastructure operates.
At least we can rest assured that whoever hacked the USPS has just gotten on the hit list of the most humorless and retributive U.S. agency. Also ─ the USPS is offering a year of free credit monitoring to employees and customers who may be at risk.
Source: USPS
Advertisement
Learn more about Electronic Products Magazine
