This year may well go down as the year of the data breach.
Monday, the U.S. Postal Service announced it had been hit by what it called a “cyber intrusion incident.” According to a statement issued by the Postal Service, the main victims of the breach are current and former employees. Hackers may have accessed their “names, dates of birth, Social Security numbers, addresses, beginning and end dates of employment, emergency contact information and other information.”
Customers who called the Postal Service’s Customer Care Center from Jan. 1 to Aug. 16 may have had their names, phone numbers, addresses, and email addresses stolen, the statement says.
The privacy and security of data entrusted to us is of the utmost importance. We have recently implemented additional security measures designed to improve the security of our information systems, including certain actions this past weekend that caused certain systems to be off-line. We know this caused inconvenience to some of our customers and partners, and we apologize for any disruption.
We began communicating this morning with our employees about this incident, apologized to them for it, and have let them know that we will be providing them with credit monitoring services for one year at no charge to them. Employees also have the personalized assistance available to them provided by the Human Resources Shared Services Center. We are committed to helping our employees deal with this situation.
The Postal Service didn’t specify just how many people were affected by the breach, but CNN reported that 750,000 employees and 2.9 million customers were involved.
The FBI also released this statement Monday:
The FBI is working with the United States Postal Service to determine the nature and scope of this incident. Impacted individuals should take steps to monitor and safeguard their personally identifiable information, and report any suspected instances of identity theft to the FBI’s Internet Crime Complaint Center at www.ic3.gov.
If the events of this year have proven anything regarding data breaches, it’s that virtually no organization is safe. Contingencies for cyber intrusions are likely to become permanent pieces of organizational crisis plans.