Security Experts:

Connect with us

Hi, what are you looking for?



Click2Mail Informs Users of Data Breach

United States Postal Service (USPS) affiliate has started sending out notices to some of its users about a data breach that impacted their personal information.

United States Postal Service (USPS) affiliate has started sending out notices to some of its users about a data breach that impacted their personal information.

Click2Mail allows customers to create, personalize, and proof mailpieces, as well as to acquire, build, and manage mailing lists. With the help of Click2Mail’s web browser-based tools, users do not need to manually handle postage or transport to a post office.

The security incident was discovered on October 4, 2019, and the intrusion was closed on the same day. However, the attackers were in the system long enough to exfiltrate a great deal of information on registered Click2Mail users.

In the notification sent to their users, Click2Mail specifies that personal information the attackers may have compromised includes name, organization name, account mailing address, email address, and phone number.

“On October 4th, 2019 it was discovered that registered Click2Mail users’ names and email addresses were being used by unknown parties to send multiple spam emails. Technical analysis of our systems detected an intrusion point that was closed that same day,” the message reads.

The notification, which Click2Mail has shared with SecurityWeek via email, also points out that the service does not store credit card data on its systems.

Click2Mail has retained a cyber-security firm to investigate the data breach and the organization’s IT systems and security protocols.

“Our goal is to assure that our systems are as secure as possible to protect your personal information and mailing data. As always, we recommend you do not respond to any suspicious emails or click on any active links contained in messages sent by unknown senders,” Click2Mail told users.

Click2Mail also informed SecurityWeek that, while they have no additional details to share on the data breach at the moment, they continue to investigate the incident.

Just over 200,000 users are expected to receive the notification.

Related: 562,000 Impacted in XKCD Forum Data Breach

Related: Security Firm: Data Breach Exposes Millions of Ecuadorians

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Expert Insights

Related Content


Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.


The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.


The FBI dismantled the network of the prolific Hive ransomware gang and seized infrastructure in Los Angeles that was used for the operation.


A new study by McAfee and the Center for Strategic and International Studies (CSIS) named a staggering figure as the true annual cost of...


Video games developer Riot Games says source code was stolen from its development environment in a ransomware attack


CISA, NSA, and MS-ISAC issued an alert on the malicious use of RMM software to steal money from bank accounts.

Application Security

PayPal is alerting roughly 35,000 individuals that their accounts have been targeted in a credential stuffing campaign.


A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...