The US Postal Service said it is investigating a cyber breach that exposed personally identifiable information of some employees.
“The intrusion is limited in scope and all operations of the Postal Services are functioning normally,” said a statement from spokesman David Partenheimer. There was some online service disruption as additional security measures were put in place.
The Postal Service said the FBI and other agencies are currently investigating the breach but there is no evidence any customer payment card information used in retail or online purchases was taken because transactional systems were not affected.
PII stolen may include employees’ names, dates of birth, Social Security numbers, addresses and other information. Reportedly, hundreds of thousands of employees could be affected. The breach is suspected to be the work of Chinese government hackers.
Partenheimer said the Postal Service began telling employees on the morning of November 10 and offered them free credit-monitoring services for a year.
Mark Dimondstein, president of the American Postal Workers Union, called the breach “troubling” and said the union filed charges with the National Labor Relations Board.
“Unfortunately, cybercrime is real and effective,” he said in a statement. “But we are outraged that this happened. We do not know at this point whether management did everything in their power to protect our privacy, but they bear the ultimate responsibility. While the Postal Service has been aware of the security problems for months, they kept you and your union leadership in the dark.”
Some customer call-center data was compromised between January 1 and August 16, said the Postal Service. Names, addresses, telephone numbers and email addresses were exposed.
“At this time we do not believe that potentially affected customers need to take any action as a result of this incident,” said Partenheimer.