At today’s House committee hearing on USPS data security and mail surveillance, USPS computer security czar Randy Miskanic told lawmakers that the USPS waited for two months to tell employees their data had been stolen because doing so sooner might have tipped off the hackers.
Congressman Stephen Lynch was not impressed:
“The secret squirrel stuff — we have to figure out how sophisticated these people were and what information they’ve got — that doesn’t fly,” said Stephen Lynch, D-Mass., ranking Democrat on the House Oversight and Government Reform’s subcommittee on the federal workforce, which held the hearing.
Legislation perhaps should be introduced "to make sure you cough up that information,” Lynch suggested.
"The way this should work is, as soon you know that a file has been compromised and it contains personally identifiable information — Social Security numbers — that employee should be notified," Lynch said. "If we go with your plan, a U.S. government agency could have the Social Security numbers for all its employees compromised and you’ll decide based on your own interests when the employees will be notified.”