USPS Newsbreak
NAPS HQ was informed by USPS HQ officials that a cyber-breach of USPS employee data occurred. Please share the attached USPS Newsbreak, FAQ’s, and Employee Handout with your NAPS membership. NAPS will provide any additional information received to the Executive Board and will post this information on our NAPS Website under Breaking News.
Thank you.
Tommy Roma
NEWSBREAK
Notification of cyber intrusion and employee data compromise
The Postal Service recently learned of a cyber intrusion into some of its information systems and an investigation began as soon as the intrusion was discovered. Steps already have been taken to strengthen the security of USPS systems and there will be additional measures in the coming days and weeks.
The investigation indicates that files containing employee information were compromised, including names, dates of birth, social security numbers, addresses, beginning and end dates of employment, and emergency contact information for all active employees. In addition, we are aware of a possible compromise of injury claim data that we are still investigating involving a small number of employees. Individualized letters will provide everyone with specific information about their particular situation.
PMG Patrick Donahoe has recorded a special video for employees with background information, an explanation of steps being taken to protect employees, and an explanation of resources available on the cyber incident.
“I’d like to say how bad I feel that the whole organization has been victimized,” says Donahoe. “The Postal Service has put in a lot of effort over the years to protect our computer systems and the bad guys haven’t been successful until now.”
Donahoe apologized that the incident happened. “You also have my commitment that we will help all of our employees deal with the situation,” he said. “We are a resilient organization and we’ll get through this.”
Click here for full Newsbreak Article.
EMPLOYEE FAQs
USPS Cyber Intrusion and Employee Data Compromise
November 10, 2014
Employee Frequently Asked Questions
1. How and when did the security breach occur?
The Postal Serve recently learned of a cyber intrusion into some of its information systems. This type of intrusion is not unique; you likely have read multiple news stories on similar intrusions into U.S. companies and other Federal government agencies. We are not aware of any evidence that any of the compromised employee information has been used to engage in any malicious activity. We are working closely with the Federal Bureau of Investigation, Department of Justice, the USPS Office of Inspector General, the Postal Inspection Service and the U.S. Computer Emergency Readiness Team. The Postal Service has also brought in private sector specialists in forensic investigation and data systems to assist with the investigation and remediation to insure that we are approaching this event in a comprehensive way, understanding the full implications of the intrusion and putting in place safeguards designed to strengthen our systems.
2. Why were employees not told of the breach immediately after it was discovered?
Communicating the breach would have put the remediation actions in jeopardy. We are unaware of any evidence that any of the compromised employee information has been used to engage in any malicious activity or to enable identity theft crimes.
Click here for full Employee FAQs.
EMPLOYEE HANDOUT
USPS Cyber Intrusion and Employee Data Compromise
Employee Handout
This document provides you with information about the recent cyber incident. It is meant to accompany a stand-up talk from your manager/supervisor, after you’ve seen a special PMG video message, and/or stand-up talk on November 10, 2014. All impacted employees will receive a letter at their address of record within ten days.
Situation
The Postal Service recently learned of a cyber intrusion into some of our information systems. This basically means that someone who didn’t have permission was able to get into some of our computer networks. This type of intrusion is not unique; you likely have read multiple news stories on similar intrusions into U.S. companies and other Federal government agencies.
We began investigating the intrusion into our systems as soon as we discovered it. We are working closely with the FBI, the Department of Justice, our own Inspector General and Postal Inspection Service, and the U.S. Computer Emergency Readiness Team. Additionally, we’ve brought on outside experts who specialize in investigations and data systems to help us understand what happened and how to improve our security.
Comments are closed.