USPS Breach is Latest Security Leakage.
The United States Postal Service ran an ad about how much safer your data is if you use the mail service. Some of the catch phrases include, “A refrigerator has never been hacked. An online virus has never attacked a corkboard.” It goes on to assure you that conducting your daily business using the Postal Service will protect you from the dangers of using modern conveniences. Or not…USPS has been hacked. Were they inviting the attack?
The good news about the USPS breach is that the cyber thieves didn’t appear to get too much volume (less than a million records); the bad news is that it included the gold standard of identity (SSNs):
- Up to 800,000 employees may have had their names, dates of birth, Social Security numbers, addresses, emergency contacts and other information exposed.
- Customers who contacted the Postal Service Customer Care Center via telephone or e-mail between Jan. 1 and Aug. 16 may have had their names, addresses, telephone numbers or e-mail addresses compromised.
- No customer credit card information from post offices or online purchases at USPS.com was breached.
- Customers at local post offices or those using its website, USPS.com, were not affected.
Analysts of this attack, including USPS spokesman David Partenheimer believe the hackers appeared “not to be interested in identity theft or credit card fraud.” USPS is offering credit monitoring services for one year at no charge, but said they do not believe that potentially affected customers need to take any action.
So if the thieves aren’t solely out to make a buck on the black market by selling personal data, why make the effort?
Because it is a testing ground for bigger exploits. They want to understand how the federal computer systems work – it wasn’t for financial gain, but for political reconnaissance.
The lesson here is that information isn’t just a financial currency, it also has political value. We spend a lot of time speaking about the financial implications of cyber crime, but data theft often has more global implications and motivations.
You see, many cyber security experts suspect that China executed the hack, though Chinese officials constantly deny they engage in cyber security attacks. (In another spot of irony, as this story broke, President Obama was arriving in China to meet with President Xi Jinping.)
Knowledge is power, even when it’s not tied directly to money. What have you done to protect the information you own that isn’t financially valuable, but could still be part of a breach?
John Sileo is an an award-winning author and keynote speaker on identity theft, internet privacy, fraud training & technology defense. John specializes in making security entertaining, so that it works. John is CEO of The Sileo Group, whose clients include the Pentagon, Visa, Homeland Security & Pfizer. John’s body of work includes appearances on 60 Minutes, Rachael Ray, Anderson Cooper & Fox Business. Contact him directly on 800.258.8076.