November 19, 2014 - The NPMHU continues to press the Postal Service for answers regarding the recent data breach affecting all postal employees and some postal retirees. We have requested a meeting to determine what the Postal Service knew, when they knew it, and why the Unions and employees were not notified more promptly. We also remain doubtful that one year of credit monitoring will be adequate, and we have other concerns that the Postal Service may need to take additional steps to adequately protect all employees in the aftermath of this breach. We intend to pursue all avenues available to us to ensure that all mail handlers and former mail handlers are given the protections they deserve due to this intrusion into their personnel records.
There was a House Subcommittee hearing earlier today, on the morning of November 19, 2014, which dealt, in part, with the data breach. Randy Miskanic, the USPS Vice President for Secure Digital Solutions, testified; a copy of his testimony is available at this link for your review. Several Members of Congress, including Representatives Stephen Lynch (D-MA), Danny Davis (D-IL), and Elijah Cummings (D-MD), expressed their displeasure over the Postal Service’s delay in informing the Postal Unions and employees about the breach, and noted specifically that employees should be informed immediately whenever their Social Security Numbers might be compromised. Based on the submitted testimony, USPS had some knowledge that private information was compromised in mid-September, but the scope of that breach was not known until October 16, 2014, and even then investigatory and law enforcement authorities wanted to maintain secrecy to counteract and pursue the hackers before publicly acknowledging the breach.
In the meantime, the NPMHU strongly recommends that all mail handlers and former mail handlers, who left the USPS since May 2012, sign up for the free credit monitoring service that is being offered by the Postal Service. Such credit monitoring services are helpful in protecting yourself against identity theft and what is known as “new account fraud.” Attached to this posting is a sample of the letter that you should have received, along with the instructions for signing up for this service. If you have not received this letter yet, you are encouraged to call USPS Shared Services at 1-877-477-3273 (option 5).
Linked here are some helpful web sites that provide more information on data breaches, and how to protect yourself against adverse consequences. In addition to credit monitoring, some of these sites suggest that individuals consider protecting themselves against “existing account fraud” by placing a fraud alert, a freeze, or both on their credit report. In many states, victims of a data breach can freeze their credit for free, but be aware that such a freeze may be inconvenient if you are trying to obtain credit, such as applying for a new credit card, buying or renting a place to live, etc. We encourage you to review this information carefully to decide how best to protect yourself going forward, as the NPMHU National Office continues to do everything in its power to address this breach, and to prevent future breaches that may affect employees, retirees, and others at the Postal Service.