With breaches of personal data being a top concern for federal agencies, the U.S. Postal Service faces a huge security risk of its own: It has jeopardized 13 million addresses of customers who are forwarding mail to their new homes.
That’s the alarming conclusion of an audit by the Postal Service inspector general’s office, which found that hundreds of companies with access to change-of-address records have little oversight by postal officials and porous security controls.
“There is a risk that the [data] could be accessed by unauthorized users,” auditors for Inspector General David Williams wrote in a report released last week. “Security controls . . . are not sufficient to protect the confidentiality and integrity of customer information.”
The inspector general estimated that 13,554,542 customer records with a potential value of $228 million are at risk.
More than 40 million Americans change addresses every year by submitting paperwork to the Postal Service electronically or filling out paper forms at their local post office to make sure their mail gets delivered to their new home.
Hundreds of companies then acquire the information through a database known as the National Change of Address Linkage (NCOALink), which contains more than 160 million change-of-address records. Those entities, which are licensed by the Postal Service, then sell the information to direct mailers and other advertisers.
Auditors found that the 515 companies with licenses to sell the information have little oversight from postal officials. The Postal Service is supposed to do security checks on them, but the agency has “never performed site security reviews of licensees’ environments,” auditors wrote, and does not ask the companies to submit security plans when they apply for licenses.
The companies stored some postal customers’ home addresses on databases shared by other companies. They also did not disclose the other businesses with which they share customer information, auditors wrote.
Access to the information is supposed to be available only to U.S. businesses. But auditors found 2,674 international mailers that have bought information from the licensees.
And the Postal Service has its own porous security where new addresses are concerned, auditors discovered; the addresses are stored on outdated computers that “a person could crack” because they lack security.
Auditors also found problems with change-of-address requests made on paper forms.
At a storage site in Jackson, Tenn., change-of-address forms were piled in boxes and left in open areas where any employee could access them, a violation of postal policy. The facility’s supervisor was not aware that the files needed to be stored securely to protect customers’ information, the inspector general found.
Postal officials agreed with some of the watchdog’s findings but disputed others.
They agreed to start conducting random security reviews by April 2015 of the businesses they license to use the database of change-of-address requests. They also agreed to upgrade some software in the database that holds the addresses to make them more secure.
But they told the inspector general in a written responses to the report that other security flaws were not necessarily systemic, because auditors visited only one site. They declined to take other security precautions auditors recommended.