Hackers have breached the computer networks of the US Postal Service, compromising the data of more than 600,000 employees and some customers.
The compromised employee data – which some report as high as 800,000 records – included names, dates of birth, social security numbers, addresses and employment dates.
The breach affected the data of an unspecified number of customers, who contacted the agency’s customer care centres by phone or email between 1 January and 16 August 2014.
The customer data included names, email addresses and phone numbers.
But the US Postal Service (USPS) said no customer credit card information from post offices or online purchases at usps.com was affected, according to the Washington Post.
“It is an unfortunate fact of life these days that every organisation connected to the internet is a constant target for cyber intrusion activity,” said postmaster general Patrick Donahoe.
“The United States Postal Service is no different. Fortunately, we have seen no evidence of malicious use of the compromised data and we are taking steps to help our employees protect against misuse of their data.”
Suspicion falls on Chinese state hackers
Officials said the hack was discovered in September and the FBI is investigating, but declined to comment on who was thought to be behind the cyber attack.
They said the attack was carried out by sophisticated attackers who did not appear to be interested in identity theft or credit card fraud.
However, analysts said a federal agency such as USPS would make a logical espionage target for China, which would expect USPS to hold data on US government employees and citizens, the paper said.
Chinese officials have consistently denied accusations of cyber espionage, but China has been tied to recent intrusions, including one reported in July 2014 at USIS, a government contractor that conducts security-clearance checks.
The intrusion took place in March 2014, two months before the US government charged five Chinese military officers with hacking into five US companies and a labour union to steal trade secrets.
Those charged are members of the Chinese People’s Liberation Army Shanghai-based Unit 61398, identified as a dedicated and prolific hacking unit by US security firm Mandiant in 2013.
Repair and mitigation
Some analysts said the USPS breach should be viewed as the latest in a series of intrusions aimed at US government targets.
USPS claimed it started planning to resolve the matter as soon as it was notified of the breach by the FBI, but the agency reportedly did not act to repair the breach until 8 November 2014.
Officials said acting too quickly could have caused more data to be compromised, but safeguards were now in place to prevent future compromises.
The repair and mitigation process was supported by the Department of Homeland Security’s Computer Emergency Readiness Team, which was also called into help after the USIS breach.
The USPS has begun notifying employees of the breach and is providing free credit-monitoring services for the next year.
Register now to receive ComputerWeekly.com IT-related news, guides and more, delivered to your inbox.
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Related content from ComputerWeekly.com
RELATED CONTENT FROM THE TECHTARGET NETWORK