U.S. Postal Service Reports Data Breach

November 10, 2014

The U.S. Postal Service is the latest victim in a busy year of data breaches. According to a CNN report, hackers recently broke into a U.S. Postal Service computer system and stole personal data, including Social Security numbers, for 750,000 employees and retirees, also compromising the data of 2.9 million postal service customers.

USPS acknowledged the breach in a statement Monday: “The Postal Service has recently learned of a cyber-security intrusion into some of our information systems. We began investigating this incident as soon as we learned of it, and we are cooperating with the investigation, which is ongoing. The investigation is being led by the Federal Bureau of Investigation and joined by other federal and postal investigatory agencies. The intrusion is limited in scope and all operations of the Postal Service are functioning normally.”

The personal information of the 750,000 employees and retirees include birthdates, addresses and employment codes. Customer data affected includes names, home addresses, phone numbers and emails.

"We're hearing a steady drumbeat of data breaches," says Dave Frymier, CISO for Unisys. "These attacks have been going on for quite a while, but now our detection is getting better," which is why more data breaches are being reported. Frymier says that the industry's growing adoption and use of security information and event management (SIEM) systems has led to more identification of when traffic patterns are abnormal or suspect.

Another problem, which could be connected to the USPS breach, he says, is the universal availability and access to data.

"Everyone wants access to everything from everywhere," Frymier says. "This has not served us well. Only 5 to 15 percent of data is truly important, the crown jewels, much more important than the emails and day-to-day operations that make up the bulk of data in an enterprise. There's a trade-off between convenience and corporate data protection," he adds.

To move forward, Frymier suggests implementing several best practices, including identifying the corporate "crown jewels" of data, restricting access to that data to personnel who truly need to access it ("Your sales team should not have access to the human resources database," for example), and using encryption to hide important data from malicious actors.

"We have to get back to classic security methods: hiding and protecting the keys to the business," he says.

In today's world of growing dependence on digital landscape expansion, companies are becoming more reliant upon cloud-based security services that protect both the company and customers they service.

Join a fast-paced webinar on October 7 when 3xLOGIC’s experts discuss the many advantages of cloud surveillance. Learn why end users are demanding cloud solutions, and how this can empower business owners to view, manage, and share video from anywhere, at any time, on any device.

Poll

Which metric comparing peer organizations to yours would be most beneficial for your security program?

View Results

Poll Archive

Products

Effective Security Management, 7th Edition

Effective Security Management, 5e, teaches practicing security professionals how to build their careers by mastering the fundamentals of good management. Charles Sennewald brings a time-tested blend of common sense, wisdom, and humor to this bestselling introduction to workplace dynamics.

See More Products

U.S. Postal Service Reports Data Breach

Get our new eMagazine delivered to your inbox every month.

Stay in the know on the latest enterprise risk and security industry trends.

U.S. Postal Service Reports Data Breach

Related Articles

Get our new eMagazine delivered to your inbox every month.

Stay in the know on the latest enterprise risk and security industry trends.