Foreign state suspected of breaching US Postal Service systems

State-sponsored hackers are suspected of breaching the systems of the United States Postal Service exposing the data of more than 800,000 employees.

The U.S. Postal Service has suffered a major data breach that may have exposed the personal information of more than 800,000 employees, including data on customers who contacted Postal Service Customer Care Center by telephone or email from January through August 16.

“Contact information from an estimated 2.9 million customers was also exposed during the breach. ” states a post published on Business2community website

According to the U.S. Postal Service, the data breach did not affect credit card data from other online services including Click-N-Ship, the Postal Store, PostalOne! or change of address services.

The U.S. Postal Service confirmed that the employees’ personal information exposed includes names, dates of birth, Social Security numbers, addresses, beginning and end dates of employment and emergency contact information.

“The intrusion is limited in scope and all operations of the Postal Service are functioning normally,” USPS spokesman David Partenheimer said in an official statement.

Security experts speculate that a persistent threat actor is behind the attack, several specialists hypothesized the involvement of a foreign government, like China or Russia.

Partenheimer added that the attack was run by a “sophisticated actor” that was not interested in credit card fraud neither to arrange large scale scam with stolen data.

The U.S. Postal Service was a privileged target for state-sponsored hackers,  for this reason it is not simple to imagine who is behind the data breach.

“There’s a lot of information there and it has great value,” to nation-states like China or cybercriminals in Russia,” said George Kurtz, chief executive of cybersecurity firm CrowdStrike.

“The U.S. Post Office moves billions of letters each year and all of that is captured digitally,” Kurtz told Reuters. “The information flow of where letters and packages and correspondence are going and who is talking to whom is very interesting to them.”

As usually happens in these cases to the company that suffers the attack, also the U.S. Postal Service would pay for victims to get credit monitoring services for one year.

The principal fear of US law enforcement and Intelligence, is that stolen information could be used in a secondary major attack (i.e. spear phishing campaign) against vital national structures.

The U.S. Postal Service breach follows a couple of major attacks occurred in the last months; in August the US Investigations Services (USIS), which provides background checks for the US government, was hacked, meanwhile early July, alleged Chinese hackers hacked the system of the Office of Personnel Management (OPM).

As reported by the Reuters agency, the U.S. Representative Elijah Cummings asked Postmaster General Patrick Donahoe in a letter Monday for more detail on the databreach.

“The increased frequency and sophistication of cyber-attacks upon both public and private entities highlights the need for greater collaboration to improve data security,” wrote Cummings, the senior Democrat on the House of Representatives Oversight and Government Reform Committee.

The FBI is leading the investigation on the data breach.

Pierluigi Paganini

(Security Affairs –  U.S. Postal Service, data breach)