WASHINGTON — Hackers recently broke into a U.S. Postal Service computer system and stole personal data, including social security numbers, for 750,000 employees and retirees, a U.S. official familiar with the breach told CNN on Monday.
The breach also compromised the data of 2.9 million postal service customers, the official said.
The Postal Service acknowledged the breach in a statement Monday but didn’t provide details.
A USPS statement said: “The Postal Service has recently learned of a cyber-security intrusion into some of our information systems. We began investigating this incident as soon as we learned of it, and we are cooperating with the investigation, which is ongoing. The investigation is being led by the Federal Bureau of Investigation and joined by other federal and postal investigatory agencies. The intrusion is limited in scope and all operations of the Postal Service are functioning normally.”
The personal identifying information of the 750,000 employees and retirees includes birthdates, addresses and employment codes used in the Postal Service’s payroll systems, the official briefed on the matter said.
The USPS is notifying employees and retirees Monday and will pay for credit monitoring for those affected, the official said.
USPS customers’ data affected includes names, home addresses, phone numbers and emails, the official said.
Rep. Elijah Cummins, (D-Md.), sent a letter Monday to the Postal Service seeking more information about the breach, raising concerns amid numerous other breaches affecting 500 million records in the financial industry this year.
“The increased frequency and sophistication of cyber-attacks upon both public and private entities highlights the need for greater collaboration to improve data security,” Cummings said.
The FBI, which is investigating the breach, also issued a statement Monday: “The FBI is working with the United States Postal Service to determine the nature and scope of this incident. Impacted individuals should take steps to monitor and safeguard their personally identifiable information, and report any suspected instances of identity theft to the FBI’s Internet Crime Complaint Center at www.ic3.gov.”