
US Postal Service Hacked, 500k+ Employees and Public Data Breached

An anonymous reader writes "The U.S. Postal Service has admitted that it has suffered a massive security breach, with the disclosure to hackers of the personal details of over 500,000 USPS workers, along with details supplied by members of the public when contacting Postal Service call centers between January and mid-August of 2014. The breach is a hard blow to the integrity and reputation of the USPS's internal security set-up, the Corporate Information Security Office (CISO). In 2012 CISO reports that it blocked 257 billion unauthorized attempts to access the USPS network, 66,734 attempts to distribute credit-card information, 1,278 attempts to reveal USPS-ordained credit-card transactions and 345,342 attempts to distribute social security numbers."
  • by log0n ( 18224 )

    First 2015 post?

    • Re:2015? (Score:4, Funny)

      by gameboyhippo ( 827141 ) on Monday November 10, 2014 @04:54PM (#48354381) Journal

      Good thing someone came from the future to warn us. Whew!

    • Yes, because it will take at least that long for the USPS breachers to print out millions of fake mortgage and credit card applications, address that many envelopes, and then stamp and mail them. Data breaches involving nineteenth-century technology are not for the faint of heart. Perhaps the ring will be exposed when hackers will be anonymously dumped off at hospitals with serious cases of writers' cramp. Police will then be able to follow trails of horse poop back to their stables.

  • It's good to see a government agency innovating their data privacy breaches to keep pace with private sector companies like Target and Home Depot.
  • by GungaDan ( 195739 ) on Monday November 10, 2014 @04:50PM (#48354349) Homepage

    The USPS *is* the future.

  • by Anonymous Coward
    Good grief. I guess persistence does pay off in the end.
  • by Anonymous Coward on Monday November 10, 2014 @04:53PM (#48354373)

    From TFS: "when contacting Postal Service call centers between January and mid-August of 2015."

    No worries, there's over a month to get it fixed before that.

  • Never gloat (Score:4, Insightful)

    by Bugler412 ( 2610815 ) on Monday November 10, 2014 @04:57PM (#48354411)
    Never, ever, anywhere should you gloat about your security, we are ALL vulnerable. If you think otherwise and gloat about it you only increase your risk.
  • I for one *love* news from the future. Please post more.

  • How about the NSA identifying open doors in US Gov't entity's systems!

  • 2015? No problem:
    "Neither snow nor rain nor heat nor gloom of night nor wormholes stays these couriers from the swift completion of their appointed rounds"
  • "In 2012 CISO reports that it blocked 257 billion unauthorized attempts to access the USPS network, 66,734 attempts to distribute credit-card information, 1,278 attempts to reveal USPS-ordained credit-card transactions and 345,342 attempts to distribute social security numbers." ...hear the bullet that hits you.

  • See, the government can do just as good a job as private corporations like Home Depot or Target when it comes to storing sensitive data!

  • Being a former USPS employee, this just seems about right. The USPS, at least at the local post office level, has a mismatch of crazy tight security or almost nothing at all. I mean everything is watched (or believed to be watched) at the post office, but then once your mail leaves the office, the carrier can do practically anything he or she wants to do with it. Of course there's laws against this, but still, there's no security, nothing, once the truck leaves the office. No GPS, no cameras, nothing.
    • by ruir ( 2709173 )
      In dealing with mail offices, I have found that pretty much there is no *consistency* on the service. Depending on the post office, I can get a horrible service, can go to another where they do not fucking care about servicing their customers, or can go to another where their standards are better than most private offices.
  • " 66,734 attempts to distribute credit-card information..and 345,342 attempts to distribute social security numbers."

    Is there a definition of distribute that I'm not aware of? If I break into a bank, I'm not trying to distribute a million dollars. Who are these hackers, Robin Hood?
    • by Anonymous Coward

      Any security industry professional would recognise these numbers for what they are - random statistics dragged out of intrusion detection sensors and (in this example) data loss prevention (DLP) systems. DLP is kind of like a website filter in reverse, blocking the upload of any data that matches a credit card or social security number pattern (regular expression) through web or email to external parties.

      They don't mean a person prevented or investigated anything, typically 99% of these are preventing staff

      • Actually, in most cases a DLP is a "blinking light box" and that's about it. The CISO guy can walk into the cold server room, hmmmm to himself and feel warm all over watching the lights blink, then check his little box and go grab a frappi. All an HR guy who can't stop clicking @#$t has to do is log into the corporate VPN and download a password-protected Excel file with social security numbers to his virus-infected laptop and away we go. The fancy blinking light box will be no match for the clever Excel
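
An added illustration of the regex-based DLP matching described in the comment above (not code from the thread or from any USPS system): it counts raw pattern hits separately from hits that pass a Luhn or SSN-range check, since pattern-only counts include values that are not card or social security numbers. The regexes, function names and sample messages are constructed for this example.

```python
import re

# Candidate patterns of the kind a DLP content filter applies to outbound text.
CARD_RE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")   # 13-19 digits, optional separators
SSN_RE = re.compile(r"\b(\d{3})-(\d{2})-(\d{4})\b")

def luhn_ok(digits: str) -> bool:
    """Luhn checksum carried by payment card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def ssn_plausible(area: str, group: str, serial: str) -> bool:
    """Reject ranges that are never issued: area 000/666/9xx, group 00, serial 0000."""
    return (area not in ("000", "666") and area[0] != "9"
            and group != "00" and serial != "0000")

def scan(text: str) -> dict:
    """Count raw regex hits and the subset that survives validation."""
    cards = [re.sub(r"[ -]", "", m.group()) for m in CARD_RE.finditer(text)]
    ssns = [m.groups() for m in SSN_RE.finditer(text)]
    return {
        "card_raw": len(cards),
        "card_valid": sum(luhn_ok(c) for c in cards),
        "ssn_raw": len(ssns),
        "ssn_valid": sum(ssn_plausible(*s) for s in ssns),
    }

# Constructed outbound messages (not real data): a well-known test card number,
# an order reference shaped like a card, a part number shaped like an SSN,
# and a placeholder SSN.
SAMPLES = [
    "Customer card 4111 1111 1111 1111 exp 01/16",
    "Order ref 1234 5678 9012 3456 shipped today",
    "Replace part 000-12-3456 on sorter 7",
    "Employee SSN on file: 123-45-6789",
]

def summarize(samples) -> dict:
    """Aggregate scan() counters across messages, as a DLP dashboard would."""
    totals = {"card_raw": 0, "card_valid": 0, "ssn_raw": 0, "ssn_valid": 0}
    for s in samples:
        for key, value in scan(s).items():
            totals[key] += value
    return totals

if __name__ == "__main__":
    print(summarize(SAMPLES))
```
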
  • When I consider all of the "online voting" stories and ideas that float around during election time, I am forced to think of stories like this one.
    • Obamacare project managers put the website into production knowing they had only 60% functionality and a broken security model, to the point where they had to sign an addendum absolving the federal contractor from liability. Polling officials can't even calibrate a voting machine touch screen correctly in some cases. Many people believe you shouldn't even have to provide any identification to vote, as it theoretically disenfranchises people who can't afford IDs. Good luck implementing online voting.
  • In 2012 CISO reports that it blocked 257 billion unauthorized attempts to access the USPS network

    Post Office Zone Alarm alerts for Windows 98SE sitting on public IP address space shouldn't be counted in my opinion.
