Earlier this week the United States Postal Service announced that it had been hacked, most likely by Chinese hackers, who stole personal information including names, birth dates, Social Security numbers, home addresses and other personal information on as many as 800,000 employees of the Postal Service. Although generally this is the type of hacking that would lead to massive instances of identity theft, the Chinese, who usually limit their state sponsored hacking to corporate espionage of trade secrets of companies with which they compete, may have been looking for just additional data on Americans. Earlier this year, the Chinese hacked into the records of the federal Office of Personnel Management which conducts security clearance checks and this hacking was thought to be more closely related to counterintelligence or even recruitment purposes. However, in the Postal Service hacking it is purely speculative as to why the Chinese government did this hack.
Once again, we see that the federal government just like private industry is not doing enough to secure its data. Just as in the breaches of Home Depot and Target, the data breach was accomplished by the planting of sophisticated malware by way of phishing emails to federal employees who were lured into clicking on links in the tainted malware. A recent federal study showed that 20% of hacking of federal computers was started through federal employees clicking on links in phishing emails against federal policy.
So what does this mean to you and me? This is just another reminder that both government and the private sector have got to do a better job of protecting the data they store. It also reminds us that we must remain eternally vigilant to identity theft threats and continue to monitor our financial accounts and credit reports regularly.
Below you can find a television interview I did yesterday about this on NewsMax TV.