Testifying at a House hearing, a United States Postal Service official defended the delay in notifying USPS workers of a breach that exposed employees’ Social Security numbers, contending authorities didn’t initially know what data was pilfered. The official, Randy Miskanic, also said the government didn’t want to tip off hackers that it was aware of the breach.
Still, Rep. Stephen Lynch, the ranking member of the House Oversight and Government Reform Subcommittee on Federal Workforce, U.S. Postal Service and the Census, criticized the USPS for the breach notification delay. The Massachusetts Democrat said that the exposure of the personally identifiable information posed such a great risk to employees’ identities that notification should have occurred as soon as the Postal Service became aware of the breach.
The Nov. 19 hearing explored the breach in which the PII of some 800,000 USPS workers was exposed. The breach also exposed 2.9 million customer complaint files containing contact information, officials revealed at the hearing. The USPS first learned of the breach on Sept. 11 but didn’t notify employees until Nov. 10.
Miskanic, USPS vice president for secure digital solutions, gave three reasons why the Postal Service delayed going public with the breach, including notifying employees: