An internal watchdog at the U.S. Postal Service revealed a significant security gap in one of the organization’s systems, but officials wouldn’t publicly disclose any information about the vulnerability.
The Postal Service Inspector General inadvertently uncovered the bug during an audit to determine whether the Postal Service had addressed a separate IT security flaw, auditors said in a heavily redacted management alert.
The latest vulnerability “poses a security weakness that warrants management’s immediate attention,” auditors said. The IG notified the organization’s top cybersecurity officials in early April.
Though nearly all details about the vulnerability were stricken from the public version of the alert, it’s clear the flaw presented a serious cyber threat to the Postal Service.
“Postal Service policy requires there be security controls sufficient to satisfy baseline security requirements in all information resources,” auditors said. “Additional security is required to adequately protect the [redacted]. Exposure of this [redacted] could have a serious negative impact to the Postal Service brand.”