The Postal Service™ recently learned of a cyber intrusion into some of its information systems and an investigation began as soon as the intrusion was discovered. Steps already have been taken to strengthen the security of USPS systems and there will be additional measures in the coming days and weeks.
The investigation indicates that files containing employee information were compromised, including names, dates of birth, Social Security numbers, addresses, beginning and end dates of employment, and emergency contact information for all active employees. In addition, we are aware of a possible compromise of injury claim data that we are still investigating involving a small number of employees. Individualized letters will provide everyone with specific information about their particular situation.
Postal Service transactional revenue systems in Post Offices as well as on www.usps.com, where customers pay for services with credit and debit cards, have not been affected by this incident. There is no evidence that any customer credit card information from retail or online purchases was compromised.
PMG Pat Donahoe has recorded a special video for employees with background information, an explanation of steps being taken to protect employees, and an explanation of resources available on the cyber incident.
“I’d like to say how bad I feel that the whole organization has been victimized,” says Donahoe. “The Postal Service has put in a lot of effort over the years to protect our computer systems and the bad guys haven’t been successful until now.”
Donahoe apologized that the incident happened. “You also have my commitment that we will help all of our employees deal with the situation,” he said “We are a resilient organization and we’ll get through this.”
A 1-page employee handout was provided to all employees, and special pages were posted on the Blue and LiteBlue employee websites at 11:30 a.m. EST, November 10. Resources will be available from a new link, titled “!! Important Employee Information !!” in the left column of both home pages. Along with the handout, online resources include an employee video, a stand-up talk, and FAQs. Please check the handout and resources for more information.
The Blue website is available from any postal computer on the postal internal network. LiteBlue is available from any computer connected to the Internet. You will need your Employee ID number and your employee password to access LiteBlue.
In addition, the Employee Assistance Program is available for specific concerns you may have, at http://EAP4YOU.com, or by phone at 800-327-4968; TTY 877-492-7341.
— Corporate Information Security Office,
Chief Information Officer, 11-27-14
