Cybersecurity

USPS breach wider than first reported

Shutterstock image: breached lock.

Social Security numbers of U.S. Postal Service employees weren't the only data to be affected in September's cybersecurity breach at USPS. The agency is now saying that the medical records of as many as 485,000 employees might also have been accessed.

USPS alerted potential breach victims -- current and past employees who filed injury compensation claims between November 1980 and August 2012 -- with individual letters explaining their specific situations.

In the Dec. 10 letter to employees, USPS Chief Human Resources Officer Jeffrey Williamson said the potentially compromised information was stored in "a file relating to injury compensation claims," which includes medical information associated with that claim. NextGov first reported on the breach of the medical files.

Spokesman Dave Partenheimer said the information accessed in the breach can include victims names, addresses and Social Security numbers, as well as their medical information.

At a National Press Club event in Washington, D.C. on Jan. 6, Postmaster General Patrick Donahoe said at the time of the breach USPS was following best practices and recommendations of the private sector and federal government – but considering the number of network breaches in the public and private sector during the time, that might not assuage many of those affected.

Donahoe describes USPS's cybersecurity posture as similar to most organizations -- a wall keeping malicious intruders out -- but said that in the months following the breach, improvements have been made.

"We've now employed a substantial change in not only maintaining the wall and building the wall to be stronger, [with] much more scanning internally," Donahoe said. "There's a lot of new products on the market right now that are not even for sale yet that we are using."

USPS has also hired a third party to conduct an "over the shoulder" review of its cybersecurity program. Donahoe said the goal is "to make sure that everything we're doing is better than industry standards."

The results of that review will not be made public, Donahoe said.

About the Author

Colby Hochmuth is a former staff writer for FCW.

Featured

  • Telecommunications
    Stock photo ID: 658810513 By asharkyu

    GSA extends EIS deadline to 2023

    Agencies are getting up to three more years on existing telecom contracts before having to shift to the $50 billion Enterprise Infrastructure Solutions vehicle.

  • Workforce
    Shutterstock image ID: 569172169 By Zenzen

    OMB looks to retrain feds to fill cyber needs

    The federal government is taking steps to fill high-demand, skills-gap positions in tech by retraining employees already working within agencies without a cyber or IT background.

  • Acquisition
    GSA Headquarters (Photo by Rena Schild/Shutterstock)

    GSA to consolidate multiple award schedules

    The General Services Administration plans to consolidate dozens of its buying schedules across product areas including IT and services to reduce duplication.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.