USPS Fixes Informed Delivery Security Flaw

USPS Postal Service

The U.S. Postal Services (USPS) has fixed a security flaw within its Informed Delivery service that was allowing criminals to perpetrate a multitude of identity theft and credit card fraud schemes. The flaw, which MeriTalk reported on earlier this month, exposed the personal information of 60 million users who have usps.com accounts. In some cases, fraudsters were able to alter account details for other users. However, USPS has since patched the weakness. In a statement, USPS said, “Any information suggesting criminals have tried to exploit potential vulnerabilities in our network is taken very seriously. Out of an abundance of caution, the Postal Service is further investigating to ensure that anyone who may have sought to access our systems inappropriately is pursued to the fullest extent of the law.” One such arrest has already been made. In September 2018, seven individuals were arrested with an 18-count indictment–including aggravated identity theft, possession of stolen mail, access-device (credit or debit card) fraud and conspiracy to commit fraud, and aggravated identity theft–stemming from their use of Informed Delivery to open and steal fraudulent credit cards.

Recent