The United States Postal Service, or USPS, confirmed Monday that it was recently targeted by a massive cyberattack, which may have compromised the personal data of the agency’s employees and some of its customers. While the intrusion is said to be similar to cyberattacks reported by other federal agencies and U.S. corporations, USPS said that it did not have any evidence suggesting that the hacked information has been used for any malicious purpose.
Although USPS did not specify how many people were affected by the breach, media reports suggested that the hackers could have compromised the data of more than 800,000 employees. Information potentially compromised in the incident could include names, dates of birth, Social Security numbers, addresses, beginning and end dates of employment and emergency contact information. However, there is no evidence that any customer credit card information from retail or online purchases was compromised, according to USPS.
“We began investigating this incident as soon as we learned of it,” David Partenheimer, the manager of media relations at USPS, said in a statement. “The investigation is being led by the Federal Bureau of Investigation and joined by other federal and postal investigatory agencies.”
The agency did not say when the cyberattack took place, but added that anyone who called USPS customer support between Jan. 1 and Aug. 16, 2014 might have had their information stolen. The breach was first discovered in mid-September and the agency said that it delayed the disclosure because, “communicating the breach immediately would have put the remediation actions in jeopardy.”
“It is an unfortunate fact of life these days that every organization connected to the Internet is a constant target for cyber intrusion activity,” Postmaster General Patrick Donahoe said in a statement, obtained by BBC News. “The United States Postal Service is no different.”
The USPS announcement comes at a time when President Barack Obama is in Beijing to attend the Asia-Pacific Economic Cooperation, or APEC, summit at the start of his Asia-Pacific tour.
Chinese Hackers Suspected
While USPS officials did not comment on who was thought to be responsible for the breach, hackers associated with the Chinese government are thought to be the main suspects in the ongoing investigation, The Washington Post reported, adding that China has in the past denied allegations of engaging in cybertheft.
The Post cited James A. Lewis, a cyberpolicy expert, as saying that China could be interested in USPS as a “logical espionage target” assuming that the agency would have large amounts of data about U.S. citizens.
“They’re just looking for big pots of data on government employees,” Lewis told the Post. “For the Chinese, this is probably a way of building their inventory on U.S. persons for counterintelligence and recruitment purposes.”
The USPS said that the hack is limited in scope and all operations of the postal service are functioning normally. The agency also said that it had recently implemented additional security measures designed to improve the security of its information systems.