Exclusive: U.S. Postal Service Explains Data Breach to Employees with Simplified Handout

On Monday, employees of the United States Postal Service (USPS) were notified that there had been a breach in the system, and that their personal data had been compromised.

A document given to USPS employees on Monday morning, during a “stand-up” briefing, assured them that this type of intrusion was “not unique,” and was similar to previous intrusions into “U.S. companies and other Federal government agencies,” which USPS employees have likely “read multiple news stories on.

The Postal Service recently learned of a cyber intrusion into some of our information systems,” stated the document. “This basically means that someone who didn’t have permission was able to get into some of our computer networks.

USA Today reported that “classified briefings” from October 22 and November 7 showed that the U.S. Postal Service “told members of Congress that it had been hacked,” as early as October 22.

The document given to USPS employees assured them that the Postal Service “began investigating the intrusion” as soon as it was discovered, and that the agency is working with the FBI, the Department of Justice, the Postal Inspection Service, and the U.S. Computer Emergency Readiness Team, along with “outside experts who specialize in investigations and data systems” to find the cause of the breach, and to prevent another intrusion from occurring.

The investigation indicates that files containing employee information were compromised,” stated the document. “These files include information such as names, dates of birth, social security numbers, addresses, beginning and end dates of employment, and emergency contact information for all active employees.

According to the Washington Post, “Chinese government hackers are suspected of breaching the computer networks of the United States Postal Service,” which compromised the data of more than 800,000 employees.

However, Reuters reported, “Cybersecurity experts said it was too soon to know who was behind the attack but agreed the Postal Service was a rich target.

The employee handout explained that all employees impacted by the intrusion would receive individualized letters, which will provide them with “specific information about their particular situation.”

In a statement to the public, the U.S. Postal Service’s Manager for Media Relations, David Partenheimer, stated that there was “no evidence of malicious use of the compromised data,” and that no customer credit card data had been infringed upon:

Postal Service transactional revenue systems in Post Offices as well as on usps.com where customers pay for services with credit and debit cards have not been affected by this incident. There is no evidence that any customer credit card information from retail or online purchases such as Click-N-Ship, the Postal Store, PostalOne!, change of address or other services was compromised.

RT reported that an investigation done by the Associated Press revealed that “federal agents and contractors alike are all too guilty of letting systems become infected by clicking bogus links, accidentally installing malware or otherwise opening up networks to hackers by way of their own inept operational security.

Multiple U.S. Postal employees declined Benswann.com’s request for a comment on the issue, stating that they were told to refer all questions they received from the media to USPS customer relations.

Regarding the handout’s advice on how employees should answer questions from customers, it stated that they should assure customers that “the operations of the Postal Service are not impacted,” and that “Post Offices are functioning normally and mail and packages are being delivered as usual.”

Read the full document given to USPS employees: Screen Shot 2014-11-10 at 6.35.48 PM