The U.S. Postal Service announced Monday it was the target of a recent cyberattack likely launched by Chinese government hackers that compromised the personal employee data of up to 800,000 employees.
The Washington Post reports the FBI is currently investigating the hack, discovered in September, which could have resulted in the theft of employees’ names, Social Security numbers, birth dates, addresses, emergency contacts and more.
“It is an unfortunate fact of life these days that every organization connected to the Internet is a constant target for cyber intrusion activity,” Postmaster General Patrick Donahoe said in a statement Monday. “The United States Postal Service is no different.”
“Fortunately, we have seen no evidence of malicious use of the compromised data and we are taking steps to help our employees protect against any potential misuse of their data.”
USPS spokesman David Partenheimer said customers using their local post offices or going online were not affected, but those using the postal service’s call center may have had phone numbers, email addresses or other information stolen.
Officials reportedly have yet to detail how the breach occurred or where the Chinese connection was established.
“The intrusion is limited in scope and all operations of the Postal Service are functioning normally,” Partenheimer said.
“This is a serious security breach that has put the personal information of Americans at risk,” House Oversight and Government Reform Committee Chairman Darrell Issa and House Oversight Subcommittee on Postal Service Chairman Blake Farenthold said in a joint statement Monday. “The committee is deeply concerned about this cyber attack, and will continue to press the Postal Service for answers about how hackers were able to pierce the agency’s security protocols.”
“Furthermore, the committee understands the Postal Service has known about this attack since September and presented this information to Congress several weeks ago, but did so as a classified matter. The committee will also be seeking information about why the administration waited two months before making the news of this attack public and preventing victims from taking proactive measures to secure their own information. We have not been told why the agency no longer considers the information classified.”