The U.S. Postal Service is “functioning normally” after a recent cyber breach that compromised customer and employee data, and the agency has yet to find evidence that hackers used the information for identity theft, according to the agency’s head of digital security.

Randy Miskanic, USPS vice president for cybersecurity, called the attack “very sophisticated” but “limited in scope” in prepared testimony for the House subcommittee on the Federal Workforce, U.S. Postal Service and the Census. The congressional hearing on the breach is set for 10:30 a.m. Wednesday.


The Postal Service discovered a cybersecurity breach at the agency in September that affected customers and 800,000 employees. (REUTERS/Mike Blake)

The cyber attack affected 800,000 Postal Service employees, workers who left the agency more than two years ago, and customers who contacted the organization’s customer-service center by telephone or e-mail.

Miskanic said the USPS has found no evidence that the data has been used for “malicious activity,” or that “any customer credit card information from retail or online purchases, change of address or other services was compromised.”

Analysts have said that Chinese hackers are likely responsible for the intrusion and that the date could be useful for counterintelligence and recruitment purposes, according to a Washington Post report.

A review after the recent breach found that the various USPS divisions do not always follow the organization’s information-security policies and that critical systems were not properly segregated from the general network, Miskanic said in his prepared testimony.

The postal official also said that USPS  is taking steps to address those issues, in addition to increasing its network monitoring, improving controls over user management and collaborating more with the federal government’s Computer Emergency Readiness Team to better understand the tactics used by adversaries.

Miskanic added that some of the changes would “require the procurement of new hardware and information-security services.”

Wednesday’s hearing will also cover an investigative technique known as mail covers, in which law-enforcement agencies ask the Postal Service to provide information located on the outside of individuals’ envelopes and parcels before the items are delivered. The practice does not involve reading the contents of the mail.

Chief Postal Inspector Guy Cottrell and USPS Deputy Inspector General Tammy Whitcomb are set to testify about the controversial issue. Additionally, Prince George’s County Police Capt. Charles Hamby, a proponent of mail covers, and Timothy Edgar, a critic of the practice from Brown University’s Watson Institute for International Studies, are also slated to testify.