-- The U.S. Postal Service said today it has been the victim of “a cyber-security intrusion” that exposed the personal information of some 800,000 employees.
The FBI is investigating the source of the attack, but a source briefed on the incident told ABC News it appears to have originated in China and has been going on for the last two months.
The USPS said on its website that the intrusion “is limited in scope and all operations of the Postal Service are functioning normally.”
Employee information, like names, addresses and Social Security numbers, may have been compromised, the USPS said.
The agency said there is “no evidence” any customer credit card information was exposed, but the attack also compromised some call center data and may have swept up names, addresses telephone numbers and email addresses of people who provided that information between January and August this year.
The source told ABC News the attack is suspected to be the work of state actors in China, but said today’s disclosure by the USPS was unrelated to President Obama’s current visit there.
“It’s an unfortunate fact of life these days that every organization connected to the Internet is a constant target for cyber intrusion activity. The United States Postal Service is no different. Fortunately, we have seen no evidence of malicious use of the compromised data and we are taking steps to help our employees protect against any potential misuse of their data," Postmaster General Patrick Donahoe said. "As a result of this incident we have significantly strengthened our systems against future attacks. We take such threats seriously and regularly take action to protect our networks, our customers’ data and our employees’ information."
Shawn Henry, former FBI Executive Assistant Director and current President of the cyber security firm CrowdStrike Services, said investigators will draw on the “tactics, techniques and procedures” that the hackers used to determine who’s behind the breach.
“The information in and of itself, people’s names and addresses, you can get out of phone books,” Henry said. “[But] it’s a stark reminder of how critically insecure our infrastructure is. If this is in fact state sponsored, the U.S. needs to have some pretty candid conversations with the Chinese government.”
Top U.S. officials have publicly blamed Chinese actors for previous cyber attacks -- allegations the Chinese government repeatedly denies and calls counter-productive.
ABC News' Lee Ferran contributed to this report.