Report: China behind Postal Service hack

Even as President Obama and Secretary of State John Kerry hold trade talks in Beijing with an emphasis on cybersecurity, the Chinese government is being accused in a Monday report of hacking the U.S. Postal Service (USPS).

The suspected cyberattack from China’s government exposed more than 800,000 USPS employees’ personal information, according to The Washington Post.

{mosads}USPS confirmed the breach, which stretched back to at least the beginning of January, but said no customer payment card data had been exposed. Neither the agency nor the FBI could not confirm China’s involvement in the attack.

“The intrusion is limited in scope and all operations of the Postal Service are functioning normally,” the USPS said in a statement. 

The information lifted included employees’ names, birth dates, social security numbers and addresses.

Although no customer payment data was pilfered, hackers swiped call center data going back to Jan. 1. That includes names, addresses, telephone numbers and email addresses of people who contacted the Postal Service’s Customer Care Center.

“At this time, we do not believe that potentially affected customers need to take any action as a result of this incident,” the USPS said.

Kerry, who traveled to Beijing ahead of Obama, raised cyber issues briefly in public remarks Saturday, saying the U.S. was “determined” to make progress with China on cybersecurity.

“Our approach is careful; it’s got to be based on reciprocity and on fairness,” Kerry said.

China is also suspected in recent hacks of U.S. Investigations Services, the government’s main security clearance contractor, and the Office of Personnel Management, where cyber thieves went for information on employees with top-secret clearances.

Despite the planned talks on these issues in Beijing this week, experts don’t believe much progress is on the horizon.

“I think there will be statements, and then they’ll move on,” said Adam Segal, an expert on China and cyber policy at the Council on Foreign Relations. “I don’t see any signs there’s going to be any breakthrough on this issue.”

The Postal Service has upped its security measures since the FBI notified them of the attack in mid-September.

This past weekend, the USPS’s system had occasional outages, and the delivery of external email was delayed as the Department of Homeland Security helped install new cyber defenses.

Following the incident, House Oversight Committee Chairman Darrell Issa (R-Calif.) renewed his calls to reform government information security standards.

The 12-year-old Federal Information Security Management Act (FISMA), which sets the government’s data security standards, is in “dire need” of an update, Issa said.

— Updated 2:45 p.m.