USPS is a major government entity that handles mail containing sensitive, personal information for every American citizen- it’s a tall order, and for the most part, this information is kept safe and secure.
Hacking, however, is a big issue surrounding people’s personal information- so has USPS been hacked, and what do you need to know about it?
Has USPS Been Hacked?
USPS has been hacked, although the first and last major cyberattack was in September of 2014. While it’s never been confirmed, there’s solid evidence that USPS was hacked by China, with the attack reaping the data of every single USPS employee and some USPS customers, over 800,000 people. While the attack did not involve any payment information and did not seem to be focused on identity theft or credit card fraud, USPS has since increased its cybersecurity measures.
If you’re concerned that you might be among those whose information was leaked or just want to better understand this cyberattack on a critical government institution, be sure to keep reading!
Who Hacked USPS?
While it has never been formally confirmed, both the FBI and USPS feel that China was responsible for the cyberattack in 2014.
China has a history of hacking United States government agencies, and the USPS cyberattack came at the same time that the USIS, which conducts security clearance checks, and the Office of Personnel Management were dealing with similar cyberattacks.
The cyberattacks on USIS and the Office of Personnel Management had more definitive ties to China, although not publicly confirmed, and all three of these organizations have something in common: data on American citizens and government employees.
It’s not entirely clear why China chose to attack USPS, however, there are several working theories, although nothing has been formally confirmed.
The most widely accepted and most likely theory is that China may have been assuming that the United States Postal Service operated like China Post, their domestic postal service.
China Post is similar to USPS in that it is a state-owned entity that handles postal deliveries, but China Post, unlike USPS, also has vast amounts of data on nearly every citizen, and this kind of data on US citizens could be extremely valuable to China.
Who Did The USPS Hack Affect?
The USPS cyberattack was far-reaching, however most of the damage done concerned USPS employees.
Some consumer data was hacked, however, the consumer data gathered was limited to names, phone numbers, addresses, and email addresses.
The data gathered on non-employees seems to have been gathered from call center data submitted to the Postal Service Customer Care Center by customers via email or phone between Jan. 1 and Aug. 16, 2014.
USPS and the FBI do not have any reason to believe any further action needs to be taken on any non-employee’s part as no financial information was leaked.
Employees were the primary target of this cyber attack- every, single employee, including the postmaster general, had their social security number, name, address, date of birth, and dates of employment gathered in this cyberattack, among other information.
The total amount of people affected by this hack is over 800,000, with varying degrees of personal information having been gathered by the hacker.
While employee information was leaked, there was never any evidence of outright malicious use of the information such as identity theft or credit card fraud.
USPS has since taken measures with all affected employees as well as employees hired after the attack to help protect their information.
If you’re interested in reading about the timeline of the 2014 cyberattack, as well as some of the measures USPS has taken to help bolster their security, you can take a look at this article.
Why Was USPS Hacked?
Since there has never been any definitive answer as to who hacked USPS, this is a difficult question to answer.
Ultimately, all the evidence points to China, and the accepted theory is that it was a way of gaining information on American citizens, but more importantly, government employees.
The predominant reason any foreign country, especially one with whom the United States has such a tenuous relationship, would want to gather data on government employees is to gain insights into links between individuals or for espionage purposes.
Espionage purposes don’t necessarily mean to sic spies on these particular individuals, however.
By gathering large swaths of data on government employees, China can begin to amass an inventory of US people for counterintelligence and recruitment purposes.
This can be useful for both cyberintelligence purposes by creating links between individuals as well as more traditional espionage, which would involve having someone on their side on the ground to feed them information about events and people of interest.
Ultimately, however, there is no tangible evidence that this was the motivation behind the 2014 cyberattack on USPS.
While it does seem the most likely case, neither the USPS or the FBI have confirmed China’s involvement since the case broke, and have only broadcast information about enhanced security measures.
The first and last major cyberattack on USPS was in 2014, and the evidence seems to point towards China as the perpetrator.
While China has denied this allegation, there is evidence that they also performed cyberattacks on several other government agencies around the same time in an effort to get information on government employees.
Every single USPS employee, including the Postmaster General, had their name, address, date of birth, social security number, email address, and dates of employment leaked.
There doesn’t seem to be any malicious use of the information such as identity theft or credit card fraud, so it’s assumed the attack was executed to gain information.
The running theory is that China wanted to begin amassing information on government employees in the hopes of using it for counterintelligence, recruitment, or espionage purposes.