USPS data breach. Just in time for the Holiday!
CBS NEWS November 28, 2018, 8:45 AM
Postal Service’s Informed Delivery system could be used to steal your mail
The United States Post Office took a leap into the digital age last year with a service called Informed Delivery, which sends people an email with a preview of what’s coming in that day’s mail. But some criminals have figured out how to take advantage of the digital notification system and privacy advocates warn that before you sign up for Informed Delivery, you need to be informed.
The post office expects to deliver more than 900 million packages this holiday season and 13 million people have already signed up for the free service which emails you photos of what mail you’re going to be seeing later that day.
Bob Dixon developed Informed Delivery for the postal service and said it takes less than three minutes to sign up for the service. The post office asks people to verify their identity with questions like past cities and streets where they’ve lived and the sale price of their home. As privacy advocate Adam Levin warns, that kind of information could be on the dark web.
“It’s being collected by companies that collect and sell data. This kind of information is also oftentimes available on social media,” Levin said.
That can allow scammers to sign up with your name and address but their email. The Secret Service warns criminals can take advantage of Informed Delivery to “intercept mail and to further their identity theft fraud schemes.”
Chris Torraca, who had his identity stolen in a 2015 database breach, said a scammer used that hacked data to sign up for Informed Delivery in his name and swipe a credit card from his mail.
“Someone was receiving images and was monitoring I guess the neighborhood, and when they saw that the credit card came in the mail, they then proceeded to follow the postal delivery person,” Torraca said.
The postal service said households can opt out online from Informed Delivery and warns their inspectors are watching.
“Informed Delivery is a criminal’s worst nightmare because we are continually monitoring for any suspicious behavior, and anyone who misuses our products, we’re going to detect that. We’re going to shut down the accounts, and we’re going to conduct an investigation to bring that criminal to justice,” said Carroll Harris of the U.S. Postal Inspection Service
The U.S. Postal Service stresses that the actual Informed Delivery database has never been hacked, and said the best way to protect yourself from someone spying on your mail may be to sign up for the service with your own email address before someone else signs up as you.
© 2018 CBS Interactive Inc. All Rights Reserved.