U.S. Postal Service Reports Data Breach

November 10, 2014

The U.S. Postal Service is the latest victim in a busy year of data breaches. According to a CNN report, hackers recently broke into a U.S. Postal Service computer system and stole personal data, including Social Security numbers, for 750,000 employees and retirees, also compromising the data of 2.9 million postal service customers.

USPS acknowledged the breach in a statement Monday: “The Postal Service has recently learned of a cyber-security intrusion into some of our information systems. We began investigating this incident as soon as we learned of it, and we are cooperating with the investigation, which is ongoing. The investigation is being led by the Federal Bureau of Investigation and joined by other federal and postal investigatory agencies. The intrusion is limited in scope and all operations of the Postal Service are functioning normally.”

The personal information of the 750,000 employees and retirees include birthdates, addresses and employment codes. Customer data affected includes names, home addresses, phone numbers and emails.

"We're hearing a steady drumbeat of data breaches," says Dave Frymier, CISO for Unisys. "These attacks have been going on for quite a while, but now our detection is getting better," which is why more data breaches are being reported. Frymier says that the industry's growing adoption and use of security information and event management (SIEM) systems has led to more identification of when traffic patterns are abnormal or suspect.

Another problem, which could be connected to the USPS breach, he says, is the universal availability and access to data.

"Everyone wants access to everything from everywhere," Frymier says. "This has not served us well. Only 5 to 15 percent of data is truly important, the crown jewels, much more important than the emails and day-to-day operations that make up the bulk of data in an enterprise. There's a trade-off between convenience and corporate data protection," he adds.

To move forward, Frymier suggests implementing several best practices, including identifying the corporate "crown jewels" of data, restricting access to that data to personnel who truly need to access it ("Your sales team should not have access to the human resources database," for example), and using encryption to hide important data from malicious actors.

"We have to get back to classic security methods: hiding and protecting the keys to the business," he says.

Career Focus: The Evolving Role of the Security Executive

How can you advance your career in the security industry with the skills and competencies necessary to benefit your organization? What will the security executive and the security function of the future look like? Join us as we hear from veterans in the security industry about their experiences, their lessons learned, and best practices for advancing their careers.

Security measures today tend to focus on controlling access, albeit with limitations. Many organizations, for example, know how many people have entered a secure location, but not how many have left.

Poll

Video Surveillance

View Results

Poll Archive

Products

Effective Security Management, 7th Edition

Effective Security Management, 5e, teaches practicing security professionals how to build their careers by mastering the fundamentals of good management. Charles Sennewald brings a time-tested blend of common sense, wisdom, and humor to this bestselling introduction to workplace dynamics.

See More Products

U.S. Postal Service Reports Data Breach

Get our new eMagazine delivered to your inbox every month.

Stay in the know on the latest enterprise risk and security industry trends.

U.S. Postal Service Reports Data Breach

Related Articles

Get our new eMagazine delivered to your inbox every month.

Stay in the know on the latest enterprise risk and security industry trends.