USPS Data Breach Was For Profit – ‘Health Files’ Fetch Handsome Figures, Indicate Investigators
The USPS data breach that took place in November could have been orchestrated primarily for financial gains, indicated the investigators.
USPS Chief Human Resources Officer Jeffrey Williamson confirmed that data stored in “a file relating to injury compensation claims” was illegally accessed and siphoned-off by hackers. Health information of as many as 485,000 USPS employees could have been compromised in the hack.
Incidentally, the data servers of the United States Postal Service (USPS) were illegally tapped into in September, but the information about the crime surfaced in November. The coordinated stealth attack was earlier estimated to have resulted in almost 800,000 USPS employees having their personal health data exposed. However, these earlier estimates were greatly exaggerated, stated Williamson.
Though the number of affected USPS employees may be almost half of earlier estimates, those affected, now have their personal details like names, dates of birth, Social Security numbers, addresses, beginning and end dates of employment, emergency contact information and other information, out in the open, available for anyone to purchase on the black-market for digital content.
Stealing of healthcare related information is highly lucrative for the cyber criminals. That is the primary reason the hackers may have targeted this particular file, shared investigators. Underground forums typically charge a dollar for a stolen credit card. This is mainly because credit card theft has a very limited validity and ‘shelf-life.’
On the other hand, health insurance credentials can fetch as much as $20 per person. Such personal details do not have any shelf-life. Moreover, multiple pieces of information help the companies who buy such data, build a comprehensive profile of their ‘target’. Another factor that makes the health insurance details valuable is that there are virtually no checkpoints to monitor their misuse. While credit monitoring facilities do have alarm systems that trigger whenever there is unusual activity on the card, data like this can be used as and how desired by the buyer.
Data breaches like these will only increase in the future if companies do not take immediate measures to bolster their anti-intrusion technologies. Surprisingly, in case of USPS, hackers managed to exploit a USPS server’s weak default password.
As a result of the hack, USPS has stated that it will immediately set out to change the way it saves important employee information. Additionally, USPS has also revealed that it will soon upgrade its systems and equipment to deter future attacks.
[Image Credit | Fast Company]
