All United States Postal Service (USPS) employees, over 800,000, have had their personal data including names, addresses, and social security numbers stolen in a massive data breach believed to have originated in China.
“We began investigating this incident as soon as we learned of it, and we are cooperating with the investigation, which is ongoing,” USPS spokesman, David Partenheimer, wrote in a statement (PDF) Monday. “The investigation is being led by the Federal Bureau of Investigation and joined by other federal and postal investigatory agencies. The intrusion is limited in scope and all operations of the Postal Service are functioning normally”
The postal service does not believe any store-fronts or customer data were compromised in the USPS data breach, but customers who contacted the Postal Service Customer Care Center via email or phone between January 1 and August 16, may have also had personal data stolen including names, e-mail addresses, phone numbers, and other information customers provided through the USPS corporate center.
“Postal Service transactional revenue systems in Post Offices as well as on usps.com where customers pay for services with credit and debit cards have not been affected by this incident. There is no evidence that any customer credit card information from retail or online purchases such as Click-N-Ship, the Postal Store, PostalOne!, change of address or other services was compromised,” Partenheimer wrote in the USPS press release.
According to the Washington Post, the attack comes the same day that President Barack Obama arrived in Beijing for a high-level meeting with China’s president.
It remains unclear why China would want to hack into the USPS and steal USPS employee data, but according to cyber-policy expert, James A. Lewis, he told the Washington Post that “the Chinese may be assuming that the postal service is more like theirs—a state-owned entity that has vast amounts of data on its citizens.”
China has been a long term threat to the United States and has carried out any number of attacks on the American government, military and commercially owned networks. The U.S. has issued a number of statements to businesses regarding Chinese hackers, even warning companies of high-profile government-backed hackers attacking businesses at random.
USPS employees affected in the breach have been offered one free year of credit monitoring services with the inclusion of their personal Human Resources department. The FBI is said to be investigating the USPS data breach.