Employee databases, full of sensitive personal information, are a treasure trove for hackers, and the U.S. Postal service on Monday became the latest employer that’s had to deliver bad news about that data to its workers. Computer criminals potentially compromised critical employee data from the USPS, the agency said, including “names, dates of birth, Social Security numbers, addresses, beginning and end dates of employment, emergency contact information and other information.”
Human resource data is a frequent target of identify thieves. The hack also impacted some consumers who called in to the USPS customer care center earlier this year — hackers obtained their names, addresses, telephone numbers, email addresses — but postal service officials say those consumers are not at increased risk for identity theft.
USPS workers will get a free year of credit monitoring to help ward off identity theft trouble, but in a disturbing twist, sources told the Washington Post that the hackers don’t seem interested in making money using the stolen information. Instead, the Post says hackers from China are responsible for the attack, and their goal seems to be state sponsored cyber-espionage.
While the attack is said to have occurred in mid-October, it was revealed Monday, the day that President Obama arrived in Beijing for talks with Chinese President Xi Jinping.
Experts said rosters of U.S. employees would be useful to foreign intelligence agencies. While the USPS is not a government entity, it performs some government-like functions.
U.S. officials say hackers have targeted federal employees before. In August, U.S. officials said computer systems belonging to USIS, a federal contractor that conducts background checks on federal workers, had been compromised. Records of some 25,000 Department of Homeland Security workers were compromised in what was called a “state-sponsored attack.”
And in July, the New York Times revealed that U.S. officials blamed Chinese hackers for an intrusion into Office of Personnel Management computers, which store data on federal workers, targeting “tens of thousands of employees who have applied for top-secret security clearances.”
Chinese officials have repeatedly denied responsibility for such attacks, though it’s widely believed that both the U.S. and Chinese governments wrestle frequently in cyberspace.
There is little for consumers to do in light of the USPS attack, other than those who called for customer support last year. Those consumers should beware of phishing attacks targeting the email addresses they shared with postal workers.
Employees who work for a firm that loses employee data should take breach notifications they receive seriously. Human resource databases can contain very personal information, such as data on healthcare providers and even vacation days, making victims of employee database theft particularly vulnerable to serious identity theft incidents. Workers should take full advantage of free credit monitoring offers, including more-frequent-than-usual inspection of their credit reports. Sudden large changes in credit scores can also be an indicator of fraud, and is a good reason to check your credit reports for more details on what caused the change. (And one way to see your credit scores for free is on Credit.com.)
Employees should also carefully check their annual Social Security Administration benefits statements for unusual activity. And they should be wary of any unusual snail mail suggesting their identity has been used to obtain credit, licenses, or to open any other accounts using their information.
More on Identity Theft:
- How Can You Tell If Your Identity Has Been Stolen?
- What Should I Do If I’m a Victim of Identity Theft?
- How Credit Impacts Your Day-to-Day Life
Image: By IFCAR, via Wikimedia Commons