12.18.14 The Mail Handlers Union reported: In a new development on the earlier data breach at the Postal Service, USPS has now sent individual letters to another group of employees who may have had personal information compromised. USPS informed us that a large number of Workers Compensation records were “possibly” compromised, in some cases including not only personal identifying information (such as social security number), but certain medical information and bank routing information as well. Further, these types of records go back many years, as opposed to the earlier reports related to records back as far as May 2012.

On November 10, 2014 USPS said: What information was accessed?
“While the investigation is continuing, we have determined that the information potentially compromised in the incident included some employee personally identifiable information (PII) such as names, dates of birth, social security numbers, addresses, beginning and end dates of employment, emergency contact information and other information. In addition, we are aware of a possible compromise of injury claim data that we are still investigating involving a small number of employees.”

On November 19, 2014, Randy Miskanic, Vice President of Secure Digital Solutions,United States Postal Service in his written testimony wrote: “As the technical analysis of the intrusion identified the scope of the breach, we tailored messaging to ensure all affected victims would be provided with the information necessary to assist in protecting them from the consequences of any illegal use of the compromised data.”

On November 20, 2014 APWU reported,  “Apparently, information regarding OWCP records that were shared with the Department of Labor exposed medical records, bank account and routing information for tens of thousands of employees and retirees.” The Postal Service plans to issue follow-up letters to those impacted by the latest findings shortly.

USPS has yet to post a news release and/or address the issue.

Today, I contacted several retired postal employees, who were injured on the job, to alert them about the possibly of their personal information being stolen.  They told me “Are you sure? There is nothing in the news from USPS.”

What is not being told is the OWCP data may include personal information on family members or dependents.

For example, Form CA-7, Claim for Compensation, includes the social security numbers of all dependents:

 

 

 

 

What about information on FMLA data, veterans DD214? What did USPS mean when it reported “other information” was possibly stolen?

Still developing……

As a side note: A postal worker experienced  her social security number getting stolen when thieves broke into PO Box. The social security number was on a document from OWCP.  The thieves attempted to open credit card and bank accounts.The thieves also tried to access her Thrift Savings Program (TSP) Account by first changing the address on record. But the postal worker had all of her credit, bank and checking accounts put on lockdown. She filed a fraud alert with the FTC, SSA, DMV,  credit reporting agencies, check systems and even Costco. Costco can be used as substitute ID  at several agencies including boarding an airplane. When she heard about the USPS data breach including OWCP data, she had all of her family members as a precaution put a lock on all of their accounts. Fortunately and due to quick action once she found out her social security number was stolen, there was no monetary loss.  However, she said, ” I must monitor all of my accounts and anything associated for the rest of my life.”