NLRB hits Postal Service over response to cyber breach

Good additional info on data breech-the unions raise legitimate concerns that most employees should have. EAS and craft alike.

 I am surprised that NAPS and the Postmaster groups have been so silent on this important matter, especially since most EAS make more than the craft and probably have more assets that could be at risk.

If someone accidentally leaves one document with any personal information on a copy machine everyone goes nuts, but this huge breech was kept silent as if it was nothing, and the credit monitoring was only for one year. We all know that our personal information is valid until the day we die and this was our employer keeping information from us for a long period of time. Even retirees’ information was compromised. There are more details in this information from the courts than what was released to us by the USPS………

President Mary Burkhard 

By Josh Hicks April 9

 

The National Labor Relations Board has filed a complaint calling on the U.S. Postal Service to negotiate with employee groups over how quickly to tell personnel about cyber attacks that affect their personal data. 

The March 31 action came in response to allegations that the agency violated federal labor law by not bargaining with postal unions over an appropriate timeline for alerting workers about a network breach last year.

The Postal Service has until April 14 to answer the complaint, and a trial before an NLRB administrative-law judge is scheduled to take place  May 11 in Washington, D.C.

The USPS said it is still reviewing the allegations, which came from the American Postal Workers Union, the National Letter Carriers Association and the National Rural Letter Carriers Association. The agency also noted that it took steps to protect employees affected by the intrusion.

“Once employees could be notified of the cyber breach, the Postal Service did offer all impacted employees one year of free credit-monitoring services, in order to protect them from identity theft,” USPS said in a statement on Wednesday.

During the cyber breach last year, hackers stole sensitive personnel information, including names, dates of birth, Social Security numbers and addresses for about 800,000 postal staff, including then-Postmaster General Patrick Donahoe.

The Postal Service realized a possible intrusion had occurred Sept. 11, but it didn’t inform employees until Nov. 10.

Randy Miskanic, the agency’s head of digital security, testified before Congress last year that the USPS did not confirm the theft of data until Nov. 4. He also said the Federal Bureau of Investigation and the Department of Homeland Security advised the mail service not to reveal the attack too soon because it could trigger bolder efforts to sabotage the network.

 

The NLRB complaint calls on the Postal Service to publish notices about the alleged labor-law violations and bargain with postal unions “for a minimum of 15 hours a week until an agreement or lawful impasse is reached or until the parties agree to a respite in bargaining.”

 

The American Postal Workers Union applauded the action in a statement  Wednesday. “By issuing this complaint, the NLRB is recognizing employee rights in the information age,” APWU President Mark Dimondstein said.