Hackers believed to be backed by the Chinese government are suspected of perpetrating an intrusion that exposed the names, birth dates, addresses, Social Security numbers and other sensitive information of approximately 800,000 past and current U.S. Postal Service employees.
The USPS says the Federal Bureau of Investigation is leading the investigation into the intrusion, in which more than a month has passed before the attack was discovered in mid-September.
"The intrusion is limited in scope and all operations of the Postal Service are functioning normally," says David Partenheimer, manager of media relations for the U.S. Postal Service.
Though the Washington Post is reporting officials have declined to point the finger at suspects, the newspaper states Chinese government hackers are believed to have launched the attack. The perpetrators appeared to have been after counterintelligence on U.S. citizens, rather than seeking to steal financial details, according to analysts that spoke with the paper.
Without confirming or denying that the U.S. is currently conducting similar cyberattacks against China and other countries, Stewart Baker, general counsel for the National Security Agency, says it's the United States' job to "punish" and "embarrass" countries caught engaging in espionage.
"It's the case that the U.S. and Russia and other countries are much more cautious about getting caught because they think there are going to be consequences," says Baker. "It's only the Chinese that think there are no consequences to getting caught."
Along with addresses and Social Security numbers, the breach also exposed the employees' emergency contacts and periods of employment with the USPS. The postal service says other types of personal information also was exposed in the breach, though it didn't elaborate.
The point-of-sale systems in brick-and-mortar post offices and USPS.com were not affected by the breach, according to Partenheimer.
Though Partenheimer says the investigation hasn't produced any evidence that indicates the security breach impacted the USPS's online and offline transactions with customers, the same isn't true for individuals who contacted the Postal Service Customer Care Center during the first three quarters of 2014.
Customers who contacted USPS's customer care center between Jan. 1 and Aug. 16 of 2014 may have had their contact information exposed as a result of the breach. Partenheimer apologized to those affected by the breach and asserted that the USPS has stepped up its security.
"We have recently implemented additional security measures designed to improve the security of our information systems, including certain actions this past weekend that caused certain systems to be off-line," Partenheimer says.