USPS notified 5,400 online store customers after their data were inadvertently revealed to others

A few days ago, I received an inquiry from someone who had logged into her USPS online store account, only to see another customer’s name, address, and last four digits of their credit card number.  Understandably concerned, she contacted customer service who told her that it was a “known error” and that letters would be going out. Customer service also suggested that the problem had occurred after a recent update.

In response to my inquiry to USPS, a spokesperson indicated there did seem to be a coding issue and that

On October 28, 2011 we became aware that some of our customer’s credit card information that was stored on usps.com may have been exposed. The U.S. Postal Service and the U.S. Postal Inspection Service are conducting an investigation into a systems failure on why this happened. Postal Service computer technicians are working around-the-clock to minimize any impact this incident may have caused our customers. The privacy and security of this data is of critical importance to the Postal Service. We apologize for any inconvenience this situation may have caused our customers.

About 5400 customers received the letter dated Nov. 8. Testing to fix the situation is going well.

Thanks to the reader who brought this breach to my attention.   If you discover a breach that has not been reportedly publicly, e-mail breaches[at]databreaches.net with details and I’ll try to look into it, as time permits.

Updated 11-12-11:  USPS just sent me an update confirming that it was a coding issue and that it’s been resolved.

About the author: Dissent