U.S. Postal Service Reports Data Breach

November 10, 2014

The U.S. Postal Service is the latest victim in a busy year of data breaches. According to a CNN report, hackers recently broke into a U.S. Postal Service computer system and stole personal data, including Social Security numbers, for 750,000 employees and retirees, also compromising the data of 2.9 million postal service customers.

USPS acknowledged the breach in a statement Monday: “The Postal Service has recently learned of a cyber-security intrusion into some of our information systems. We began investigating this incident as soon as we learned of it, and we are cooperating with the investigation, which is ongoing. The investigation is being led by the Federal Bureau of Investigation and joined by other federal and postal investigatory agencies. The intrusion is limited in scope and all operations of the Postal Service are functioning normally.”

The personal information of the 750,000 employees and retirees include birthdates, addresses and employment codes. Customer data affected includes names, home addresses, phone numbers and emails.

"We're hearing a steady drumbeat of data breaches," says Dave Frymier, CISO for Unisys. "These attacks have been going on for quite a while, but now our detection is getting better," which is why more data breaches are being reported. Frymier says that the industry's growing adoption and use of security information and event management (SIEM) systems has led to more identification of when traffic patterns are abnormal or suspect.

Another problem, which could be connected to the USPS breach, he says, is the universal availability and access to data.

"Everyone wants access to everything from everywhere," Frymier says. "This has not served us well. Only 5 to 15 percent of data is truly important, the crown jewels, much more important than the emails and day-to-day operations that make up the bulk of data in an enterprise. There's a trade-off between convenience and corporate data protection," he adds.

To move forward, Frymier suggests implementing several best practices, including identifying the corporate "crown jewels" of data, restricting access to that data to personnel who truly need to access it ("Your sales team should not have access to the human resources database," for example), and using encryption to hide important data from malicious actors.

"We have to get back to classic security methods: hiding and protecting the keys to the business," he says.

You must login or register in order to post a comment.

ON DEMAND: DevSecOps creates an environment of shared responsibility for security, where AppSec and development teams become more collaborative. With the right training and tools, developers can become more hands-on with security and, with that upskilling, stand out among their peers... however, they need the security specialists on-side, factoring them into securing code from the start and championing this mindset across the company.

ON DEMAND: The insider threat—consisting of scores of different types of crimes and incidents—is a scourge even during the best of times. But the chaos, instability and desperation that characterize crises also catalyze both intentional and unwitting insider attacks. Learn how your workers, contractors, volunteers and partners are exploiting the dislocation caused by today's climate of Coronavirus, unemployment, disinformation and social unrest.

Security Magazine

2020 November

This month, Security magazine brings you the Security 500 Report, Rankings and Thought Leader Profiles. How does your enterprise compare to others? Which security programs are leading the way? Also this month, we highlight how to plan, prepare for and build resilience to protests and other unplanned events, video surveillance tools for SMBs and more.

View More Create Account

U.S. Postal Service Reports Data Breach

Related Articles

Report Abusive Comment