Three days after admitting its systems were hacked and 800,000 employee records stolen, the United States Postal Service is under attack again – this time from the American Postal Workers Union (APWU).
The Union claims it was left in the dark about the breach and received nothing but a “courtesy call” from Postmaster General Patrick Donahoe the night before the USPS announced the breach.
APWU President Mark Dimondstein filed a complaint with the National Labor Relations Board claiming that the USPS announced the breach in the same timeframe it made unilateral changes in wages, hours and working conditions for employees. In the complaint, Dimondstein noted those changes included free credit monitoring services to employees.
Recent data breaches involving retailers and other businesses have been marked by post-breach offers to victims of free credit reporting services.
The APWU chief said the juxtaposition of the breach announcement and the monitoring service benefit left no time for the Union to help decide protections on behalf of its members.
“The Postal Service did not give the Union advance notice that would enable it to negotiate over the impacts and effects of the data breach on employees,” Dimondstein wrote in the complaint.
In a 300-word memo to Union members, he said, “We are demanding information from the USPS about the extent of the breach – both known and suspected – and what postal management knew, when they knew it, and what they did, or failed to do to protect employee information.”
He called the breach a “very troubling matter” and said the Union leadership was outraged.
“We do not know at this point whether management did everything in their power to protect our privacy, but they bear the ultimate responsibility,” he said in the memo.
Liability in data breach cases has proven to be a legal quagmire. And debate rages on when and how data breaches should be announced.
In March, Trustmark National Bank and Green Bank NA filed a complaint in Chicago federal court seeking at least $5 million and accusing Target Corp. and Trustwave Holdings Inc. of failing to properly secure customer data, enabling the theft of about 40 million payment card records plus 70 million other records, including addresses and phone numbers. It was one of dozens of lawsuits against the retailer in the wake of a . (The two banks dropped the suit a month later).
Banks and other card issuers were forced into a costly processes of combatting fraud and issuing new cards to customers. Some banks even began to protect themselves by buying up batches of their credit card numbers being offered on underground black markets.
The APWU’s Dimondstein said he would work with other APWU leaders in investigating the issue. “I will be personally involved as we address these deep concerns. And we will work in concert with our sister postal unions.”
The complaint comes at a time when the Union and the Postal Service are battling over other issues.
The Union has declared Friday a "National Day of Action" to protest proposed cuts in mail service the Union claims will forever damage the USPS.
The protest involves four postal unions, APWU, the National Postal Mail Handlers Union (NPMHU), National Association of Letter Carriers (NALC), and National Rural Letter Carriers Association (NRLCA).