U.S. Postal Service Reports Data Breach

November 10, 2014

The U.S. Postal Service is the latest victim in a busy year of data breaches. According to a CNN report, hackers recently broke into a U.S. Postal Service computer system and stole personal data, including Social Security numbers, for 750,000 employees and retirees, also compromising the data of 2.9 million postal service customers.

USPS acknowledged the breach in a statement Monday: “The Postal Service has recently learned of a cyber-security intrusion into some of our information systems. We began investigating this incident as soon as we learned of it, and we are cooperating with the investigation, which is ongoing. The investigation is being led by the Federal Bureau of Investigation and joined by other federal and postal investigatory agencies. The intrusion is limited in scope and all operations of the Postal Service are functioning normally.”

The personal information of the 750,000 employees and retirees include birthdates, addresses and employment codes. Customer data affected includes names, home addresses, phone numbers and emails.

"We're hearing a steady drumbeat of data breaches," says Dave Frymier, CISO for Unisys. "These attacks have been going on for quite a while, but now our detection is getting better," which is why more data breaches are being reported. Frymier says that the industry's growing adoption and use of security information and event management (SIEM) systems has led to more identification of when traffic patterns are abnormal or suspect.

Another problem, which could be connected to the USPS breach, he says, is the universal availability and access to data.

"Everyone wants access to everything from everywhere," Frymier says. "This has not served us well. Only 5 to 15 percent of data is truly important, the crown jewels, much more important than the emails and day-to-day operations that make up the bulk of data in an enterprise. There's a trade-off between convenience and corporate data protection," he adds.

To move forward, Frymier suggests implementing several best practices, including identifying the corporate "crown jewels" of data, restricting access to that data to personnel who truly need to access it ("Your sales team should not have access to the human resources database," for example), and using encryption to hide important data from malicious actors.

"We have to get back to classic security methods: hiding and protecting the keys to the business," he says.

ON DEMAND: The insider threat—consisting of scores of different types of crimes and incidents—is a scourge even during the best of times. But the chaos, instability and desperation that characterize crises also catalyze both intentional and unwitting insider attacks. Learn how your workers, contractors, volunteers and partners are exploiting the dislocation caused by today's climate of Coronavirus, unemployment, disinformation and social unrest.

ON DEMAND: There's a lot at stake when it comes to cybersecurity. Reputation, productivity, quality. Join us to discuss the future of your global security strategy and a path forward with trusted partners Cisco and Rockwell Automation, and turn your Food & Bev security challenges into strategic advantages that drive business value.

U.S. Postal Service Reports Data Breach

The latest news and information

Content written for business-minded executives who manage enterprise risk and security

U.S. Postal Service Reports Data Breach

Related Articles

The latest news and information

Content written for business-minded executives who manage enterprise risk and security