United States Postal Service (USPS) affiliate Click2Mail.com has started sending out notices to some of its users about a data breach that impacted their personal information.
Click2Mail allows customers to create, personalize, and proof mailpieces, as well as to acquire, build, and manage mailing lists. With the help of Click2Mail’s web browser-based tools, users do not need to manually handle postage or transport to a post office.
The security incident was discovered on October 4, 2019, and the intrusion was closed on the same day. However, the attackers were in the system long enough to exfiltrate a great deal of information on registered Click2Mail users.
In the notification sent to their users, Click2Mail specifies that personal information the attackers may have compromised includes name, organization name, account mailing address, email address, and phone number.
“On October 4th, 2019 it was discovered that registered Click2Mail users’ names and email addresses were being used by unknown parties to send multiple spam emails. Technical analysis of our systems detected an intrusion point that was closed that same day,” the message reads.
The notification, which Click2Mail has shared with SecurityWeek via email, also points out that the service does not store credit card data on its systems.
Click2Mail has retained a cyber-security firm to investigate the data breach and the organization’s IT systems and security protocols.
“Our goal is to assure that our systems are as secure as possible to protect your personal information and mailing data. As always, we recommend you do not respond to any suspicious emails or click on any active links contained in messages sent by unknown senders,” Click2Mail told users.
Click2Mail also informed Secur ..