A U.S. Postal Service data breach has potentially compromised the personal information of 800,000 employees, as well as some customers who contacted the government service.
The data breach of some USPS information systems, being investigated by the FBI, may include names, dates of birth, Social Security numbers, addresses and other information of Postal Service employees, the USPS said. The intrusion, reportedly discovered in September, also may affect customers who called or emailed the USPS customer care center between January and mid-August, the post office said.
The compromised data for those Postal Service customers could include names, addresses, telephone numbers and email addresses, but USPS does not believe that customers need to take action to protect their financial accounts, the service said. USPS is still investigating how many customers were affected, a spokesman said.
USPS customer credit and debit card accounts were not breached in the attack, the Postal Service said. There's "no evidence" that any customer credit card information from retail or online purchases through Click-N-Ship, the Postal Store and other services was compromised, USPS said.
Chinese hackers are suspected in the attack, according to a the Washington Post. USPS spokesman David Partenheimer said the source of the attack remains under investigation.
The postal service attributed the breach to a sophisticated attacker, but it's unclear what information attackers were targeting. "We are unaware of any evidence that any of the compromised employee information has been used to engage in any malicious activity or to enable identity theft crimes," Partenheimer said by email.
USPS called the breach "limited in scope." and said the Postal Service continues to deliver mail and perform its other functions.
The postal service is contacting employees and offering recommendations for precautions they should take, Partenheimer said. The postal service will offer one year of free credit monitoring to all employees, he said.
The postal service recently upgraded its IT security systems, it said. Some of its services were down this past weekend during the upgrades.
Grant Gross covers technology and telecom policy in the U.S. government for The IDG News Service. Follow Grant on Twitter at GrantGross. Grant's email address is firstname.lastname@example.org.