https://thehackernews.com/2018/11/usps-data-breach.html
US Postal Service Left 60 Million Users Data Exposed For Over a Year
Even our postal service is susceptible to weak APIs…? Yeah even the government has weaknesses. What might make this worse is the cyber security researcher notified USPS of the vulnerability over a year ago and nothing was done. 60 Million USPS users data was exposed for over a year. USPS did finally do something about it and when they went to action it only took them two days. Two. 48 hours before they fixed it required a journalist contacting USPS on behalf of the researcher to initiate a response. OH, and what a silly response it is:
“We currently have no information that this vulnerability was leveraged to exploit customer records.”
“Out of an abundance of caution, the Postal Service is further investigating to ensure that anyone who may have sought to access our systems inappropriately is pursued to the fullest extent of the law.”
in other words, “we’re good” because we don’t know of any breaches.
NICE!
Xinteng Chen says
Hi Brock
Thanks for sharing the information to us. It is significant for an organization to protect customers’ information. Organizations should remain the information based on the requirements of laws. In addition, the organization should determine the reasonable methods to destroy the data based on the classification level of the information. The organization should also have data breach response plan to reduce the loses of data breach.