DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

USPS notified 5,400 online store customers after their data were inadvertently revealed to others

Posted on November 12, 2011 by Dissent

A few days ago, I received an inquiry from someone who had logged into her USPS online store account, only to see another customer’s name, address, and last four digits of their credit card number.  Understandably concerned, she contacted customer service who told her that it was a “known error” and that letters would be going out. Customer service also suggested that the problem had occurred after a recent update.

In response to my inquiry to USPS, a spokesperson indicated there did seem to be a coding issue and that

On October 28, 2011 we became aware that some of our customer’s credit card information that was stored on usps.com may have been exposed. The U.S. Postal Service and the U.S. Postal Inspection Service are conducting an investigation into a systems failure on why this happened. Postal Service computer technicians are working around-the-clock to minimize any impact this incident may have caused our customers. The privacy and security of this data is of critical importance to the Postal Service. We apologize for any inconvenience this situation may have caused our customers.

About 5400 customers received the letter dated Nov. 8. Testing to fix the situation is going well.

Thanks to the reader who brought this breach to my attention.   If you discover a breach that has not been reportedly publicly, e-mail breaches[at]databreaches.net with details and I’ll try to look into it, as time permits.

Updated 11-12-11:  USPS just sent me an update confirming that it was a coding issue and that it’s been resolved.

No related posts.

Category: Breach IncidentsExposureGovernment SectorU.S.

Post navigation

← DARPA BRINGS NEW FOCUS TO CRITICAL AREA FOR NATIONAL SECURITY
US committed to developing positive ties with China →

8 thoughts on “USPS notified 5,400 online store customers after their data were inadvertently revealed to others”

  1. Chris says:
    November 12, 2011 at 10:09 am

    Makes one wonder what testing the “update” went through, and whatever undiscovered issues there are.

    1. admin says:
      November 12, 2011 at 10:35 am

      How many times have we seen similar exposure breaches following an upgrade or update? We don’t have a separate category for purposes of data analyses, but I know we’ve seen it a bunch of times.

  2. Susan says:
    November 13, 2011 at 12:15 pm

    If they discovered it Oct. 28th, why did it take 11 days to notify the people???

    1. admin says:
      November 13, 2011 at 12:31 pm

      Maybe they waited to notify until they could determine whether the problem was from a coding error vs. some other type of problem. They also needed to determine exactly which customers were affected. Eleven days from discovery to mailing letters is really not an unreasonable amount of time, although I would have wished that they had posted something on their web site alerting people.

  3. Steve says:
    November 13, 2011 at 12:23 pm

    When I worked for the USPS (39 yrs) I had an IMPAC Visa card and it was mandatory that we tell ALL vendors NOT to keep our credit card number on file. If they refused we were not allowed to use them.

    Why does the USPS break its own regulation?

  4. cdinwv says:
    November 13, 2011 at 11:35 pm

    If USPS thinks this will help their efforts to promote online retail purchasing, they should think again. I do not trust usps.com to keep my financial information stored nor to conduct transactions on their website. That is why I use a post office facility. USPS doesn’t have the knowledge to handle the issues they already have and by closing down their retail brick and mortar access, they are only leading their retail products and growth into quicker demise.This proves it. Get a grip USPS! Customer security should come first and no customer should ever allow a code error or security issue to compromise their trust in any company when doing business online. Complain people!USPS has to stop wanting to do what it wants and remember the security and service to the people first!

    1. admin says:
      November 14, 2011 at 9:12 am

      Customers do not have to store their credit card numbers. Some choose to as a matter of their own convenience.

  5. PaleWriter says:
    November 14, 2011 at 1:09 pm

    All this around the same time USPS national TV advertising was promoting security of Post Office versus internet theft? Guess postal officials were right.

Comments are closed.

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • CMS warns Medicare providers of fraud scheme
  • Ex-student charged with wave of cyber attacks on Sydney uni
  • Detaining Hackers Before the Crime? Tamil Nadu’s Supreme Court Approves Preventive Custody for Cyber Offenders
  • Potential Cyberattack Scrambles Columbia University Computer Systems
  • 222,000 customer records allegedly from Manhattan Parking Group leaked
  • Breaches have consequences (sometimes) (1)
  • Kansas City Man Pleads Guilty for Hacking a Non-Profit
  • British national “IntelBroker” charged with causing $25 million in damages; U.S. seeks his extradition from France
  • France issues press statement about arrest of ShinyHunters members
  • Patients Allege Home Delivery Pharmacy Failed to Timely Notify Them of Data Breach

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Justices nix Medicaid ‘right’ to choose doctor, defunding Planned Parenthood in South Carolina
  • European Commission publishes its plan to enable more effective law enforcement access to data
  • Sacred Secrets: The Biblical Case for Privacy and Data Protection
  • Microsoft’s Departing Privacy Chief Calls for Regulator Outreach
  • Nestle USA Settles Suit Over Job-Application Medical Questions
  • NY Attorney General James Affirms Hospitals Must Provide Access to Emergency Abortion Care
  • How Internet of Things devices affect your privacy – even when they’re not yours

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.