The US Postal Service fell victim to a network attack that may have compromised the personal information of more than 800,000 employees as well as customer details.
Affected employee data may include names, dates of birth, Social Security numbers, addresses, beginning and end dates of employment and emergency contact information, the Postal Service revealed today.
"The intrusion is limited in scope and all operations of the Postal Service are functioning normally," USPS spokesman David Partenheimer said in a statement.
The intrusion may also have compromised data on customers who contacted USPS' customer care centre by telephone or email from January through August 16 this year, he said.
Partenheimer said the attack was carried out by a "sophisticated actor" not interested in identity theft or credit card fraud.
Cybersecurity experts said it was too soon to know who was behind the attack but agreed the Postal Service was a rich target.
"There's a lot of information there and it has great value to nation-states like China or cybercriminals in Russia," said George Kurtz, chief executive of cybersecurity firm CrowdStrike.
"The US Post Office moves billions of letters each year and all of that is captured digitally. The information flow of where letters and packages and correspondence are going and who is talking to whom is very interesting to them."
The Postal Service said it would pay for credit monitoring services for employees for one year. The breach did not affect credit card data from retail or online services including Click-N-Ship, the Postal Store, PostalOne! or change of address services, it said.
Edward Ferrara, vice president at Forrester Research, said the data could be used to launch secondary phishing attacks or to gain information about government cyber defenses.
The FBI is leading the investigation. A bureau spokesman declined to provide details.
The Postal Service breach follows a similar attack reported in August at a firm that performs background checks for US government employees, US Investigations Services (USIS), which compromised the data of at least 25,000 workers.
Cyber attacks on retail outlets, such as Home Depot and Target, have been much larger, affecting tens of millions of customers.
US Representative Elijah Cummings - the senior Democrat on the House of Representatives Oversight and Government Reform Committee - today sent Postmaster General Patrick Donahoe a letter asking for more information on the attack.
"The increased frequency and sophistication of cyber-attacks upon both public and private entities highlights the need for greater collaboration to improve data security," he wrote.