A few weeks ago the United States Postal Service (USPS) patched up a vulnerability that has been revealing the details of sixty million people, predominantly US residents, over the last year. About a year ago an anonymous cybersecurity researcher tipped off the Post Office about the vulnerability, but USPS failed to address the issue. After a long wait, the cybersecurity expert had no other choice but to inform the media about the problem hoping that public attention would prompt a reaction from the independent agency of the United States government. As soon as the security flaw became public, the Postal Service patched the vulnerability.
The cybersecurity flow affected the personal details of people who have signed up for USPS’ Informed Visibility service. As you might already know, Informed Delivery is a service that provides end-to-end mail tracking information for letter and flat pieces, bundles, handling units, and containers. The API exploit enabled anyone with basic IT knowledge and a username and a password to export information about other users. This includes private information such as usernames, account numbers, physical addresses, email addresses, phone numbers, authorized users and additional information. Currently, there is no evidence confirming that sensitive information such as account passwords, banking details, or social security numbers may have been exposed.
In a statement to the media, Postal Service media representative said that currently, USPS has no information that this security flaw was ever used for criminal purposes but are continuing the investigation. Their goal is to ensure that anyone who might have sought to access their systems inappropriately is pursued to the fullest extent of the law. On a question why USPS took a whole year to deal with the reported issue, USPS spokesperson said they currently do not have evidence that the cybersecurity expert reached out to them in 2017.
USPS has been under fire in the past too; the independent government agency exposed personal details of almost all USPS employees in a hack back in 2014. The hack included workers’ compensation records of nearly 500,000 people and approximately 3 million customer-inquiry records. The current 2018 is not going well either, apart from being constantly dragged in the fight between President Trump and Amazon’s Jeff Bezos, in August the U.S. Postal Service had to apologize to a Democratic congressional candidate and a former CIA operative Abigail Spanberger for accidentally releasing her records to a Republican super PAC.
Panda Security specializes in the development of endpoint security products and is part of the WatchGuard portfolio of IT security solutions. Initially focused on the development of antivirus software, the company has since expanded its line of business to advanced cyber-security services with technology for preventing cyber-crime.
Panda Free Antivitus
FREE TECHNICAL SUPPORT
3 comments
For your info,after joining USPS , all along someone whom I thought a personal from USPS had been giving me free govt details and a complete profile of me as a US resident living in Florida California..Finally I had been hacked of my Google, Paypal and my banking OCBC
Y’all want a scoop on something kinda similar going on here in GA? Get at me.
This is a sad news