It seems one retailer after another finds itself the victim of a data breach due to a hacking incident, and on Monday came the bad news that the U.S. Postal Service had been hacked. For online merchants, the news could have been more devastating, however. It appears no transactional data was compromised.
According to a statement issued by the USPS:
Postal Service transactional revenue systems in Post Offices as well as on usps.com where customers pay for services with credit and debit cards have not been affected by this incident. There is no evidence that any customer credit card information from retail or online purchases such as Click-N-Ship, the Postal Store, PostalOne!, change of address or other services was compromised.
Postal employees were not so lucky, however. Highly sensitive information about employees was compromised, including employee names, dates of birth, Social Security numbers, and addresses.
Postmaster General Patrick Donahoe had a special message for employees: “I’d like to say how bad I feel that the whole organization has been victimized,” he told them. “The Postal Service has put in a lot of effort over the years to protect our computer systems and the bad guys haven’t been successful until now.”
He also apologized that the incident happened, and said, “You also have my commitment that we will help all of our employees deal with the situation. We are a resilient organization and we’ll get through this.”
The Postal-Reporter published the USPS employee Q&A, including an answer to the question, “Why were employees not told of the breach immediately after it was discovered?”
House Oversight and Government Reform Committee Chairman Darrell Issa, R-Calif., and House Oversight Committee Subcommittee on Postal Service Chairman Blake Farenthold, R-Texas also wondered, releasing a statement saying the committee would continue to press the Postal Service for answers about how hackers were able to pierce the agency’s security protocols and calling for information security reform.
The congressmen also said they would seek information about why news of the attack was delayed 2 months, “preventing victims from taking proactive measures to secure their own information.”
Comment on the EcommerceBytes Blog.