The information provided on this website does not, and is not intended to, act as legal, financial or credit advice; instead, it is for general informational purposes only. Information on this website may not be current. This website may contain links to other third-party websites. Such links are only for the convenience of the reader, user or browser; we do not recommend or endorse the contents of any third-party sites. Readers of this website should contact their attorney, accountant or credit counselor to obtain advice with respect to their particular situation. No reader, user, or browser of this site should act or not act on the basis of information on this site. Always seek personal legal, financial or credit advice for your relevant jurisdiction. Only your individual attorney or advisor can provide assurances that the information contained herein – and your interpretation of it – is applicable or appropriate to your particular situation. Use of, and access to, this website or any of the links or resources contained within the site do not create an attorney-client or fiduciary relationship between the reader, user, or browser and website owner, authors, contributors, contributing firms, or their respective employers.
Credit.com receives compensation for the financial products and services advertised on this site if our users apply for and sign up for any of them. Compensation is not a factor in the substantive evaluation of any product.
Employee databases, full of sensitive personal information, are a treasure trove for hackers, and the U.S. Postal service on Monday became the latest employer that’s had to deliver bad news about that data to its workers. Computer criminals potentially compromised critical employee data from the USPS, the agency said, including “names, dates of birth, Social Security numbers, addresses, beginning and end dates of employment, emergency contact information and other information.”
Human resource data is a frequent target of identify thieves. The hack also impacted some consumers who called in to the USPS customer care center earlier this year — hackers obtained their names, addresses, telephone numbers, email addresses — but postal service officials say those consumers are not at increased risk for identity theft.
USPS workers will get a free year of credit monitoring to help ward off identity theft trouble, but in a disturbing twist, sources told the Washington Post that the hackers don’t seem interested in making money using the stolen information. Instead, the Post says hackers from China are responsible for the attack, and their goal seems to be state sponsored cyber-espionage.
While the attack is said to have occurred in mid-October, it was revealed Monday, the day that President Obama arrived in Beijing for talks with Chinese President Xi Jinping.
Experts said rosters of U.S. employees would be useful to foreign intelligence agencies. While the USPS is not a government entity, it performs some government-like functions.
U.S. officials say hackers have targeted federal employees before. In August, U.S. officials said computer systems belonging to USIS, a federal contractor that conducts background checks on federal workers, had been compromised. Records of some 25,000 Department of Homeland Security workers were compromised in what was called a “state-sponsored attack.”
And in July, the New York Times revealed that U.S. officials blamed Chinese hackers for an intrusion into Office of Personnel Management computers, which store data on federal workers, targeting “tens of thousands of employees who have applied for top-secret security clearances.”
Chinese officials have repeatedly denied responsibility for such attacks, though it’s widely believed that both the U.S. and Chinese governments wrestle frequently in cyberspace.
There is little for consumers to do in light of the USPS attack, other than those who called for customer support last year. Those consumers should beware of phishing attacks targeting the email addresses they shared with postal workers.
Employees who work for a firm that loses employee data should take breach notifications they receive seriously. Human resource databases can contain very personal information, such as data on healthcare providers and even vacation days, making victims of employee database theft particularly vulnerable to serious identity theft incidents. Workers should take full advantage of free credit monitoring offers, including more-frequent-than-usual inspection of their credit reports. Sudden large changes in credit scores can also be an indicator of fraud, and is a good reason to check your credit reports for more details on what caused the change. (And one way to see your credit scores for free is on Credit.com.)
Employees should also carefully check their annual Social Security Administration benefits statements for unusual activity. And they should be wary of any unusual snail mail suggesting their identity has been used to obtain credit, licenses, or to open any other accounts using their information.
Image: By IFCAR, via Wikimedia Commons
April 11, 2023
Uncategorized
September 13, 2021
Uncategorized
August 4, 2021
Uncategorized