Cybersecurity

USPS breach wider than first reported

Shutterstock image: breached lock.

Social Security numbers of U.S. Postal Service employees weren't the only data to be affected in September's cybersecurity breach at USPS. The agency is now saying that the medical records of as many as 485,000 employees might also have been accessed.

USPS alerted potential breach victims -- current and past employees who filed injury compensation claims between November 1980 and August 2012 -- with individual letters explaining their specific situations.

In the Dec. 10 letter to employees, USPS Chief Human Resources Officer Jeffrey Williamson said the potentially compromised information was stored in "a file relating to injury compensation claims," which includes medical information associated with that claim. NextGov first reported on the breach of the medical files.

Spokesman Dave Partenheimer said the information accessed in the breach can include victims names, addresses and Social Security numbers, as well as their medical information.

At a National Press Club event in Washington, D.C. on Jan. 6, Postmaster General Patrick Donahoe said at the time of the breach USPS was following best practices and recommendations of the private sector and federal government – but considering the number of network breaches in the public and private sector during the time, that might not assuage many of those affected.

Donahoe describes USPS's cybersecurity posture as similar to most organizations -- a wall keeping malicious intruders out -- but said that in the months following the breach, improvements have been made.

"We've now employed a substantial change in not only maintaining the wall and building the wall to be stronger, [with] much more scanning internally," Donahoe said. "There's a lot of new products on the market right now that are not even for sale yet that we are using."

USPS has also hired a third party to conduct an "over the shoulder" review of its cybersecurity program. Donahoe said the goal is "to make sure that everything we're doing is better than industry standards."

The results of that review will not be made public, Donahoe said.

About the Author

Colby Hochmuth is a former staff writer for FCW.

Featured

  • Contracting
    8 prototypes of the border walls as tweeted by CBP San Diego

    DHS contractors face protests – on the streets

    Tech companies are facing protests internally from workers and externally from activists about doing for government amid controversial policies like "zero tolerance" for illegal immigration.

  • Workforce
    By Mark Van Scyoc Royalty-free stock photo ID: 285175268

    At OPM, Weichert pushes direct hire, pay agent changes

    Margaret Weichert, now acting director of the Office of Personnel Management, is clearing agencies to make direct hires in IT, cyber and other tech fields and is changing pay for specialized occupations.

  • Cloud
    Shutterstock ID ID: 222190471 By wk1003mike

    IBM protests JEDI cloud deal

    As the deadline to submit bids on the Pentagon's $10 billion, 10-year warfighter cloud deal draws near, IBM announced a legal protest.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.