USPS cyber breach: Agency halts teleworking, union files charges with NLRB
The United States Postal Service has suspended its teleworking program and must now answer to charges filed with the National Labor Relations Board by one of its biggest unions that the agency mishandled the response to a major computer security breach that may have compromised personal information belonging to as many as 800,000 current and former USPS employees.
In an email to FedScoop Wednesday morning, USPS spokeswoman Sue Brennan confirmed that the agency has halted its teleworking program in response to the breach. Brennan also said no timeline was currently in place as to when the program would be reinstated.
“We will notify employees about this when we have additional information,” Brennan said.
The virtual private network, or VPN, which allows most employees to telework, “was identified as vulnerable to this type of intrusion and will remain unavailable as we work to make modifications to this type of remote access to our networks,” according to a frequently asked questions document distributed to employees in the wake of the cyber intrusion.
The notice added, “When VPN is available again, users will notice changes in functionality. We will have additional information about VPN in the near future.”
The telework stoppage comes after the USPS announced Monday that its employees’ personally identifiable information, including their social security numbers, had been potentially compromised in a cyber intrusion to the agency’s network. The public announcement of the breach came almost two months after the USPS’ inspector general alerted the agency that its systems had been compromised.
USPS Chief Information Security Officer Chuck McGann declined to comment to FedScoop on the breach.
Union files charges against USPS leadership
Meanwhile, the American Postal Workers Union, which represents more than 200,000 postal employees, is fuming over the agency’s response to the hack. The union announced it had filed charges with the National Labor Relations Board in protest of the Postal Service’s failure to involve unions while handling the breach.
“We have already filed charges with the National Labor Relations Board protesting the Postal Service’s failure to bargain over the impact of the security breach,” APWU President Mark Dimondstein said in a letter to union members. “We are demanding information from the USPS about the extent of the breach — both known and suspected — and what postal management knew, when they knew it and what they did, or failed to do, to protect employee information.”
According to the letter from Dimondstein, the postmaster general called him the evening before the incident was announced.
“It was just a courtesy call, not a discussion with the APWU about how to deal with the problem and its negative consequences to the workforce,” Dimondstein said. “While the Postal Service has been aware of the security problems for months, they kept you and your union leadership in the dark.”
This is not the first time Dimondstein has thrown barbs at the USPS executive leadership team. In July, Dimondstein presided over a vote of the union to call for Donahoe’s resignation.
Despite the “courtesy call” from Donahoe, Dimondstein said that he, along with other APWU leaders, would be personally involved as the union addresses its concerns. The letter also said the union would include other postal unions in the discussion process as well.
“The APWU is fully committed to defending the privacy rights of all our members,” Dimondstein said. “Unfortunately, cybercrime is real and effective. But we are outraged that this happened. We do not know at this point whether management did everything in their power to protect our privacy, but they bear the ultimate responsibility.”
USPS spokeswoman Sue Brennan declined to comment “on any type of pending legal matters.”