USPS Hacked: China Suspected Of Breaching Postal Service, May Have Compromised Staff, Customer Data

A cyber-attack that breached the computer networks of the United States Postal Service and compromised personal information of more than 800,000 employees is suspected to have been carried out by Chinese government hackers, Reuters reported.

The breach, which was discovered in mid-September and is being investigated by the FBI, compromised employees' names, dates of birth, Social Security numbers, addresses, beginning and end dates of employment and emergency contact information, the Postal Service said on Monday

Additionally, customers who had contacted the Postal Service Customer Care Center by telephone or email during the first eight months of 2014 were also victims of the "cyber-security intrusion." But there is no evidence that customer credit card data from retail or online services including Click-N-Ship, the Postal Store, and PostalOne! was exposed, officials added.

"It is an unfortunate fact of life these days that every organization connected to the Internet is a constant target for cyber intrusion activity," Postmaster General Patrick Donahoe said in a statement. "The United States Postal Service is no different. Fortunately, we have seen no evidence of malicious use of the compromised data and we are taking steps to help our employees protect against any potential misuse of their data."

"The intrusion is limited in scope and all operations of the Postal Service are functioning normally," USPS spokesman David Partenheimer said in a statement, declining to comment on who could be responsible for the crime.

But officials stated that the attack was carried out by a "sophisticated actor" who did not appear to be interested in identity theft or credit card fraud, ABC News reported.

"There's a lot of information there and it has great value," to nation-states like China or cybercriminals in Russia," said George Kurtz, chief executive of cybersecurity firm CrowdStrike.

"The U.S. Post Office moves billions of letters each year and all of that is captured digitally," Kurtz told Reuters. "The information flow of where letters and packages and correspondence are going and who is talking to whom is very interesting to them."

Specifically, the data could be used to launch secondary phishing attacks or to gain information about government cyber defenses, Edward Ferrara, vice president at Forrester Research, said.

According to some analysts, however, China could be focusing on a federal agency such as USPS as a logical espionage target. "For one thing, the Chinese may be assuming that the postal service is more like theirs - a state-owned entity that has vast amounts of data on its citizens, said James A. Lewis, a cyber-policy expert at the Center for Strategic and International Studies," according to The Washington Post.

Secondly, previously unknown links or insights could be analyzed by China through the massive amount of data gathered in the breach.

"They're just looking for big pots of data on government employees," Lewis said. "For the Chinese, this is probably a way of building their inventory on U.S. persons for counterintelligence and recruitment purposes."

Meanwhile, U.S. Representative Elijah Cummings asked Postmaster General Patrick Donahoe in a letter Monday for more information on the attack.

"The increased frequency and sophistication of cyber-attacks upon both public and private entities highlights the need for greater collaboration to improve data security," wrote Cummings, the senior Democrat on the House of Representatives Oversight and Government Reform Committee.

In October, JPMorgan announced that 76 million of the company's customers had been hacked. Over the past year, cyber attacks on customer payment card data have also been carried out on various major retailers, including Home Depot, Target and Michaels and Neiman Marcus, as well as the restaurant chain P.F. Chang's.

Real Time Analytics