What does a change of address form and cyber security strategy have in common?

In this True Tales Blog post, we’ll tell you the whole wacky story. You’ve got mail!

Problems with mail delivery is universal.

 

Everyone has a story of something going wrong with the postal service delivering their mail.  My personal best was when it took three months for USPS to complete a simple Return to Sender; I sent out a card in January and got it back marked Delivery Impossible in April.  Why it took them three months to figure this out and return it, I’ll never know. But this story beats mine hands down.

In October 2017, a Chicago resident submitted a USPS Change of Address form changing the mailing address of UPS headquarters to his own apartment in Atlanta.  He even messed up the form, signing his own initials before scratching them out and replacing them with UPS. Nonetheless, the form was accepted and mail directed to UPS headquarters was delivered to his Chicago apartment for over two months in volumes requiring the mail carrier to leave a USPS bin outside his door to hold it all.  USPS only did something about the situation when UPS headquarters informed the U.S. Postal Inspection Service (the law enforcement arm of USPS) of the issue.

The kicker? They found over 3,000 pieces of mail in his apartment addressed to USPS and he deposited at least 10 stolen checks totaling 58,000 USD.

If you think that cybersecurity begins and ends with your company’s computer systems, it might be time to think again.  

How pervasive is this threat? Well, USPS has received over 45,000 questions or complaints about suspicious change of address forms since January 2016.  Obviously, these requests don’t receive much scrutiny (no-one thought it was suspicious that mail for a huge company located in Atlanta was being delivered to an apartment in Chicago?), so an attacker could easily change the address of your company or one of your customers or employees to gather sensitive information.

Consider even a change of address form and cyber security strategy in the same context of company and information protection. For large organisations or small, it’s important to consider every method that an attacker could use to steal sensitive data and take steps to monitor or prevent something like this from happeneing to your organisation. So, what kinds of personal information do you send via mail to your clients and employees?

Don’t take our word for it? Check out this NPR Article.