ALEXANDRIA, Va.–(BUSINESS WIRE)–The National Labor Relations Board (NLRB) has issued a Complaint against the Postal Service alleging that it violated federal labor law by failing to bargain with the National Rural Letter Carriers’ Association (NRLCA) and provide information to the NRLCA concerning last year’s massive Postal Service data breach. The Complaint, issued on March 31, stems from an unfair labor practice charge filed by the NRLCA on November 19, 2014.
Network intruders compromised health information on current and former U.S. Postal Service employees who filed for workers’ compensation, USPS officials say.
The files were accessed during a previously reported September cyber intrusion that netted the Social Security numbers of about 800,000 USPS employees. Details of the health data breach are just now being revealed for the first time.
The agency does not face health data security fines or Health and Human Services Department breach notification violations, because the data was not part of an insurance plan.
About 485,000 employees, former employees and retirees whose medical details were potentially exposed received a notification letter last month, USPS spokesman David Partenheimer said.
The information potentially compromised was stored in “a file relating to injury compensation claims,” USPS Chief Human Resources Officer Jeffrey Williamson said in the letter dated Dec. 10. “In addition some of your medical information” associated with the claims may have been breached.
From USPS News Link:
The CHRO reminds employees they recently received an activation code by mail for a credit-monitoring service that USPS is offering free of charge for one year. “If you have not already activated the service, I encourage you to do so,” he says.
Employees who have not received a letter should contact the HR Shared Service Center to have a replacement sent.
Additionally, the CHRO updates employees on a possible compromise into an injury compensation file, which USPS reported Nov. 10. “We cannot confirm the file was removed from the Postal Service network, but we cannot rule it out,” he says.
Employees whose information was contained in this file will receive a letter that identifies the data that may have been compromised. These letters were expected to be delivered by Dec. 19.
As the video concludes, the CHRO says the Postal Service will keep employees informed about its work to strengthen security. He also thanks employees for their patience and support.
“It is a testament to your commitment to serving the American public that this incident has not distracted you from delivering for our customers during our most important season,” Williamson says.
From the Mail Handlers Union:
December 18, 2014 – In a new development on the earlier data breach at the Postal Service, USPS has now sent individual letters to another group of employees who may have had personal information compromised. USPS informed us that a large number of Workers Compensation records were “possibly” compromised, in some cases including not only personal identifying information (such as social security number), but certain medical information and bank routing information as well. Further, these types of records go back many years, as opposed to the earlier reports related to records back as far as May 2012.
All affected employees and former employees should begin receiving letters this week from the Postal Service, alerting them to this possible breach, and recommending actions they should take to protect themselves.
If you are not sure whether your OWCP claim is one of those affected, or if you wish to speak with someone directly about your situation, you are encouraged to contact the USPS Human Resources Shared Service Center 1-877-477-3273 and choose option 5 (option 1 for TDD/TTY), Monday through Friday from 7 a.m. to 8:30 p.m. eastern time.
In an on-line story posted on our web site on November 19, 2014, we provided links to some helpful web sites that provide more information on data breaches, and how to protect yourself against adverse consequences. In addition to credit monitoring, some of these sites suggest that individuals consider protecting themselves against “existing account fraud” by placing a fraud alert, a freeze, or both on their credit report. In many states, victims of a data breach can freeze their credit for free, but be aware that such a freeze may be inconvenient if you are trying to obtain credit, such as applying for a new credit card, buying or renting a place to live, etc. We encourage you to review this information carefully to decide how best to protect yourself going forward, as the NPMHU National Office continues to do everything in its power to address this breach, and to prevent future breaches that may affect employees, retirees, and others at the Postal Service.
Union Notified of New Developments in USPS Data Breach – National Postal Mail Handlers Union.
Statement from APWU President Mark Dimondstein:
11/20/2014 – New revelations about the security breach in the Postal Service’s data systems are raising additional concerns about this very troubling incident. The APWU remains fully committed to protecting the rights of our members and demanding information from the USPS about what management knew and when they knew it.
Unfortunately, it appears the breach was worse than originally thought. Apparently, information regarding OWCP records that were shared with the Department of Labor exposed medical records, bank account and routing information for tens of thousands of employees and retirees. The Postal Service plans to issue follow-up letters to those impacted by the latest findings shortly.
U.S. Postal Service officials are revealing more about the cyber intrusion at the agency that exposed the personal data of about 800,000 USPS employees.
Testifying before Congress Wednesday, Randy Miskanic, incident commander on the case and the USPS secure digital solutions vice president, laid out a nearly day-by-day timeline of the incident — from the time the Department of Homeland Security first notified the agency of suspicious network activity to when postal officials first notified employees of the breach nearly two months later.
At today’s House committee hearing on USPS data security and mail surveillance, USPS computer security czar Randy Miskanic told lawmakers that the USPS waited for two months to tell employees their data had been stolen because doing so sooner might have tipped off the hackers.
Congressman Stephen Lynch was not impressed:
“The secret squirrel stuff — we have to figure out how sophisticated these people were and what information they’ve got — that doesn’t fly,” said Stephen Lynch, D-Mass., ranking Democrat on the House Oversight and Government Reform’s subcommittee on the federal workforce, which held the hearing.
Legislation perhaps should be introduced “to make sure you cough up that information,” Lynch suggested.
“The way this should work is, as soon you know that a file has been compromised and it contains personally identifiable information — Social Security numbers — that employee should be notified,” Lynch said. “If we go with your plan, a U.S. government agency could have the Social Security numbers for all its employees compromised and you’ll decide based on your own interests when the employees will be notified.”
The U.S. Postal Service is “functioning normally” after a recent cyber breach that compromised customer and employee data, and the agency has yet to find evidence that hackers used the information for identity theft, according to the agency’s head of digital security.
Randy Miskanic, USPS vice president for cybersecurity, called the attack “very sophisticated” but “limited in scope” in prepared testimony for the House subcommittee on the Federal Workforce, U.S. Postal Service and the Census. The congressional hearing on the breach is set for 10:30 a.m. Wednesday.
A review after the recent breach found that the various USPS divisions do not always follow the organization’s information-security policies and that critical systems were not properly segregated from the general network, Miskanic said in his prepared testimony.
From the National Association of Letter Carriers:
As previously reported, NALC is continuing to monitor the Postal Service’s response to the cyber breach that compromised a Postal Service computer file containing employees’ personal and employment information. NALC has filed a charge with the National Labor Relations Board protesting the Postal Service’s failure to provide NALC advance notice of, and an opportunity to bargain over, the Postal Service’s response to this breach. Pending resolution of this dispute, individual letter carriers may elect to enroll in the credit monitoring service offered by the Postal Service, with the knowledge that NALC may seek different or additional remedies.