United States Postal Service (USPS) affiliate Click2Mail.com has started sending out notices to some of its users about a data breach that impacted their personal information.
Click2Mail allows customers to create, personalize, and proof mailpieces, as well as to acquire, build, and manage mailing lists. With the help of Click2Mail’s web browser-based tools, users do not need to manually handle postage or transport to a post office.
The security incident was discovered on October 4, 2019, and the intrusion was closed on the same day. However, the attackers were in the system long enough to exfiltrate a great deal of information on registered Click2Mail users.
In the notification sent to their users, Click2Mail specifies that personal information the attackers may have compromised includes name, organization name, account mailing address, email address, and phone number.
“On October 4th, 2019 it was discovered that registered Click2Mail users’ names and email addresses were being used by unknown parties to send multiple spam emails. Technical analysis of our systems detected an intrusion point that was closed that same day,” the message reads.
The notification, which Click2Mail has shared with SecurityWeek via email, also points out that the service does not store credit card data on its systems.
Click2Mail has retained a cyber-security firm to investigate the data breach and the organization’s IT systems and security protocols.
“Our goal is to assure that our systems are as secure as possible to protect your personal information and mailing data. As always, we recommend you do not respond to any suspicious emails or click on any active links contained in messages sent by unknown senders,” Click2Mail told users.
Click2Mail also informed SecurityWeek that, while they have no additional details to share on the data breach at the moment, they continue to investigate the incident.
Just over 200,000 users are expected to receive the notification.
Related: 562,000 Impacted in XKCD Forum Data Breach
Related: Security Firm: Data Breach Exposes Millions of Ecuadorians