USPS OIG
Company Details
Linkedin ID:
usps-oig
Website:
Employees number:
6,673
Number of followers:
34,373
NAICS:
92
Industry Type:
Homepage:
uspsoig.gov
IP Addresses:
0
Company ID:
USP_1901053
Scan Status:
In-progress
USPS OIG Company CyberSecurity Posture
uspsoig.gov
Welcome to the U.S. Postal Service Office of Inspector General (USPS OIG) fan page on LinkedIn. We play a key role in maintaining the integrity and accountability of America’s postal service, its revenue and assets, and its employees. On our page, you will find the most recent news stories and reports. We want to hear what you have to say! We encourage you to share your comments, ideas, and concerns. All we ask is that you please keep your comments and wall posts clean and respectful and follow our posting guidelines. We reserve the right to determine which comments are acceptable for this page. If you don't comply, we’ll remove your message: -We don’t allow graphic, obscene, explicit or racial comments or submissions nor do we allow comments that are abusive, hateful or intended to defame anyone or any group. -We do not allow solicitations or advertisements for outside entities. This also applies to spam and chain-letters. -Comments that make unsupported accusations will be removed. This is a public forum and any information provided in comments may be publicly available on LinedIn. LinkedIn's privacy policies apply. As such, please do not post personal information you do not want available to the general public. You post at your own risk, taking personal responsibility for your comments, your username and any information provided. Note that the appearance of external links on this page does not constitute official endorsement on behalf of the USPS OIG or the Postal Service. USPS OIG is not liable for any loss or damage resulting from any comments posted on this page. Our page is not the place to report violations of laws, rules, or regulations; misconduct; waste of funds; abuse of authority; theft of mail by employee or contractor; or know of a situation in the Postal Service that is a danger to public health and safety. These concerns should be reported directly to our Hotline at http://www.uspsoig.gov/hotline.
USPS OIG A.I CyberSecurity Scoring
USPS OIG Risk Score (AI oriented)Between 700 and 749
USPS OIG
Updated:
- Powered by our proprietary A.I cyber incident model
- Insurance preferes TPRM score to calculate premium
USPS OIG Global Score (TPRM)XXXX
USPS OIG
- Instant access to detailed risk factors
- Benchmark vs. industry & size peers
- Vulnerabilities
- Findings
USPS OIG Company CyberSecurity News & History
Past Incidents
1
Attack Types
1
USPS
Breach
Rankiteo Explanation
Attack with significant impact with customers data leaks
Description: A sophisticated smishing campaign using fake USPS package delivery notifications led to significant data compromise. Security researcher Grant Smith unveiled that victims across the United States entered 438,669 unique credit cards into fraudulent domains. Moreover, over 50,000 email addresses, including university and government domains, were affected, revealing the vast reach and potential financial impact of the scam. The data breach facilitated by the Chinese-language group not only compromised individual financial data but also exposed at-risk populations, including military personnel, to potential fraud.
USPS OIG Company Scoring based on AI Models
Cyber Incidents Likelihood 3 - 6 - 9 months
A.I Risk Score Likelihood 3 - 6 - 9 months
Underwriter Stats for USPS OIG
Incidents vs Government Administration Industry Average (This Year)
No incidents recorded for USPS OIG in 2025.
Incidents vs All-Companies Average (This Year)
No incidents recorded for USPS OIG in 2025.
Incident Types USPS OIG vs Government Administration Industry Avg (This Year)
No incidents recorded for USPS OIG in 2025.
Incident History — USPS OIG (X = Date, Y = Severity)
USPS OIG cyber incidents detection timeline including parent company and subsidiaries
USPS OIG Company Subsidiaries
Welcome to the U.S. Postal Service Office of Inspector General (USPS OIG) fan page on LinkedIn. We play a key role in maintaining the integrity and accountability of America’s postal service, its revenue and assets, and its employees. On our page, you will find the most recent news stories and reports. We want to hear what you have to say! We encourage you to share your comments, ideas, and concerns. All we ask is that you please keep your comments and wall posts clean and respectful and follow our posting guidelines. We reserve the right to determine which comments are acceptable for this page. If you don't comply, we’ll remove your message: -We don’t allow graphic, obscene, explicit or racial comments or submissions nor do we allow comments that are abusive, hateful or intended to defame anyone or any group. -We do not allow solicitations or advertisements for outside entities. This also applies to spam and chain-letters. -Comments that make unsupported accusations will be removed. This is a public forum and any information provided in comments may be publicly available on LinedIn. LinkedIn's privacy policies apply. As such, please do not post personal information you do not want available to the general public. You post at your own risk, taking personal responsibility for your comments, your username and any information provided. Note that the appearance of external links on this page does not constitute official endorsement on behalf of the USPS OIG or the Postal Service. USPS OIG is not liable for any loss or damage resulting from any comments posted on this page. Our page is not the place to report violations of laws, rules, or regulations; misconduct; waste of funds; abuse of authority; theft of mail by employee or contractor; or know of a situation in the Postal Service that is a danger to public health and safety. These concerns should be reported directly to our Hotline at http://www.uspsoig.gov/hotline.
Loading...
USPS OIG Similar Companies
FDA
The Food and Drug Administration is an agency within the Department of Health and Human Services. The FDA is responsible for protecting the public health by ensuring the safety, efficacy, and security of human and veterinary drugs, biological products, and medical devices; and by ensuring the safet
Malmö stad
Bli en samhällsbyggare – jobba i Malmö stad! Genom att arbeta i Malmö stad får du möjlighet att arbeta med hållbar samhällsutveckling. Som en samhällsbyggare spelar du en viktig roll i Malmös utveckling och därför ser vi oss som framtidens arbetsplats. Människors lika värde är en förutsättning fö
Vlaamse overheid
Bij de Vlaamse overheid geef je elke dag opnieuw het beste van jezelf, in een job die een verschil maakt in de maatschappij. Pas afgestudeerd of al een aantal jaren professionele ervaring achter de rug? Op zoek naar een job als arbeider, bediende, leidinggevende, administratief medewerker, ingenie
European Commission
The Commission represents and upholds the interests of the EU as a whole, and is independent of national governments. The European Commission prepares legislation for adoption by the Council (representing the member countries) and the Parliament (representing the citizens). It administers the budge
Department of Education
The Department of Education is responsible for delivering the Victorian Government’s commitment to making Victoria the Education State, where all Victorians have the best learning and development experience, regardless of their background, postcode or circumstances. Education remains a cornerstone f
Government of Western Australia
Welcome to the official WA Government page where you can stay up to date on the latest information about Western Australia and WA government initiatives. Questions relating to a specific activity within the WA Government should be referred to the relevant Department or Minister’s Office for a re
Transportation Security Administration (TSA)
The Transportation Security Administration (TSA) is a component agency of the U.S. Department of Homeland Security (DHS), committed to securing the nation’s transportation systems to ensure safe and efficient travel for all. Our mission is to protect the American people by preventing threats and dis
Social Security Administration
Social Security provides financial protection for our nation’s people, supporting more than 64 million individuals and families. With retirement, disability, and survivors benefits, Social Security is one of the most successful anti-poverty programs in our nation's history. We are there throughout
U.S. Department of Homeland Security
The Department of Homeland Security (DHS) has a vital mission: to secure the nation from the many threats we face. This requires the hard work of more than 260,000 employees in jobs that range from aviation and border security to emergency response, from cybersecurity analyst to chemical facility in
.png)
USPS OIG CyberSecurity News
August 22, 2025 07:00 AM
Peraton Books $100M in Government Contracts
Peraton booked government contracts, including an award from the USPS Office of Inspector General for software engineering and other IT...
July 25, 2025 07:00 AM
Fewer letters, more addresses: Can the Postal Service keep up?
Guest: David Neu. Title: USPS Office of the Inspector General. Summary: The U.S. Postal Service is facing a paradox: Mail volume is...
June 09, 2025 07:00 AM
Audit: 100K+ pieces of delayed mail sitting in Louisville USPS branches
An audit of the Louisville Processing and Distribution Center and three delivery units found over 100000 pieces of delayed mail,...
May 19, 2025 07:00 AM
Katherine Reilly Named SEC Acting Inspector General
The Securities and Exchange Commission today announced the appointment of Katherine Reilly as the agency's Acting Inspector General.
May 05, 2025 07:00 AM
GAO, USPS IG make their case for 2026 budget increases
Over the first 100 days of the Trump administration, the U.S. Department of Government Efficiency banged the drum of rooting out waste,...
January 04, 2025 08:00 AM
Some Postal Service workers stealing mail: Inspector general report
Some postal workers are stealing mail and packages, according to the USPS Inspector General.
August 29, 2024 07:00 AM
USPS wins $2M contract fraud settlement
The Postal Service wins a two-million-dollar settlement following a contract fraud investigation. Its inspector general's office said a vendor withheld rebates...
August 20, 2024 07:00 AM
USPS is growing its workforce, but a ‘retirement wave’ may be coming soon, watchdog warns
The Postal Service is facing a potential “retirement wave,” its inspector general's office warns, with nearly one in five of its employees now retirement-...
August 16, 2024 07:00 AM
US Postal Service OIG Issues Tech Support Solicitation
The US Postal Service's Office of Inspector General is soliciting proposals on technology support services.
Frequently Asked Questions
Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.
USPS OIG CyberSecurity History Information
Official Website of USPS OIG
The official website of USPS OIG is http://www.uspsoig.gov/.
USPS OIG’s AI-Generated Cybersecurity Score
According to Rankiteo, USPS OIG’s AI-generated cybersecurity score is 703, reflecting their Moderate security posture.
How many security badges does USPS OIG’ have ?
According to Rankiteo, USPS OIG currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.
Does USPS OIG have SOC 2 Type 1 certification ?
According to Rankiteo, USPS OIG is not certified under SOC 2 Type 1.
Does USPS OIG have SOC 2 Type 2 certification ?
According to Rankiteo, USPS OIG does not hold a SOC 2 Type 2 certification.
Does USPS OIG comply with GDPR ?
According to Rankiteo, USPS OIG is not listed as GDPR compliant.
Does USPS OIG have PCI DSS certification ?
According to Rankiteo, USPS OIG does not currently maintain PCI DSS compliance.
Does USPS OIG comply with HIPAA ?
According to Rankiteo, USPS OIG is not compliant with HIPAA regulations.
Does USPS OIG have ISO 27001 certification ?
According to Rankiteo,USPS OIG is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.
Industry Classification of USPS OIG
USPS OIG operates primarily in the Government Administration industry.
Number of Employees at USPS OIG
USPS OIG employs approximately 6,673 people worldwide.
Subsidiaries Owned by USPS OIG
USPS OIG presently has no subsidiaries across any sectors.
USPS OIG’s LinkedIn Followers
USPS OIG’s official LinkedIn profile has approximately 34,373 followers.
NAICS Classification of USPS OIG
USPS OIG is classified under the NAICS code 92, which corresponds to Public Administration.
USPS OIG’s Presence on Crunchbase
No, USPS OIG does not have a profile on Crunchbase.
USPS OIG’s Presence on LinkedIn
Yes, USPS OIG maintains an official LinkedIn profile, which is actively utilized for branding and talent engagement, which can be accessed here: https://www.linkedin.com/company/usps-oig.
Cybersecurity Incidents Involving USPS OIG
As of December 20, 2025, Rankiteo reports that USPS OIG has experienced 1 cybersecurity incidents.
Number of Peer and Competitor Companies
USPS OIG has an estimated 11,756 peer or competitor companies worldwide.
What types of cybersecurity incidents have occurred at USPS OIG ?
Incident Types: The types of cybersecurity incidents that have occurred include Breach.
Incident Details
Can you provide details on each incident ?
Title: USPS Smishing Campaign
Description: A sophisticated smishing campaign using fake USPS package delivery notifications led to significant data compromise. Security researcher Grant Smith unveiled that victims across the United States entered 438,669 unique credit cards into fraudulent domains. Moreover, over 50,000 email addresses, including university and government domains, were affected, revealing the vast reach and potential financial impact of the scam. The data breach facilitated by the Chinese-language group not only compromised individual financial data but also exposed at-risk populations, including military personnel, to potential fraud.
Type: Smishing Campaign
Attack Vector: Phishing
Threat Actor: Chinese-language group
Motivation: Financial Gain
What are the most common types of attacks the company has faced ?
Common Attack Types: The most common types of attacks the company has faced is Breach.
How does the company identify the attack vectors used in incidents ?
Identification of Attack Vectors: The company identifies the attack vectors used in incidents through Fake USPS package delivery notifications.
Impact of the Incidents
What was the impact of each incident ?
Incident : Smishing Campaign USP001081924
Data Compromised: Credit card information, Email addresses
What types of data are most commonly compromised in incidents ?
Commonly Compromised Data Types: The types of data most commonly compromised in incidents are Credit Card Information, Email Addresses and .
Which entities were affected by each incident ?
Incident : Smishing Campaign USP001081924
Location: United States
Data Breach Information
What type of data was compromised in each breach ?
Incident : Smishing Campaign USP001081924
Type of Data Compromised: Credit card information, Email addresses
Number of Records Exposed: 438,669 credit cards, 50,000 email addresses
Sensitivity of Data: High
Initial Access Broker
How did the initial access broker gain entry for each incident ?
Incident : Smishing Campaign USP001081924
Entry Point: Fake USPS package delivery notifications
High Value Targets: University And Government Domains, Military Personnel,
Data Sold on Dark Web: University And Government Domains, Military Personnel,
Additional Questions
General Information
Who was the attacking group in the last incident ?
Last Attacking Group: The attacking group in the last incident was an Chinese-language group.
Impact of the Incidents
What was the most significant data compromised in an incident ?
Most Significant Data Compromised: The most significant data compromised in an incident were Credit card information, Email addresses and .
Data Breach Information
What was the most sensitive data compromised in a breach ?
Most Sensitive Data Compromised: The most sensitive data compromised in a breach were Credit card information and Email addresses.
What was the number of records exposed in the most significant breach ?
Number of Records Exposed in Most Significant Breach: The number of records exposed in the most significant breach was 488.7K.
Initial Access Broker
What was the most recent entry point used by an initial access broker ?
Most Recent Entry Point: The most recent entry point used by an initial access broker was an Fake USPS package delivery notifications.
.png)
Latest Global CVEs (Not Company-Specific)
Description
n8n is an open source workflow automation platform. Versions starting with 0.211.0 and prior to 1.120.4, 1.121.1, and 1.122.0 contain a critical Remote Code Execution (RCE) vulnerability in their workflow expression evaluation system. Under certain conditions, expressions supplied by authenticated users during workflow configuration may be evaluated in an execution context that is not sufficiently isolated from the underlying runtime. An authenticated attacker could abuse this behavior to execute arbitrary code with the privileges of the n8n process. Successful exploitation may lead to full compromise of the affected instance, including unauthorized access to sensitive data, modification of workflows, and execution of system-level operations. This issue has been fixed in versions 1.120.4, 1.121.1, and 1.122.0. Users are strongly advised to upgrade to a patched version, which introduces additional safeguards to restrict expression evaluation. If upgrading is not immediately possible, administrators should consider the following temporary mitigations: Limit workflow creation and editing permissions to fully trusted users only; and/or deploy n8n in a hardened environment with restricted operating system privileges and network access to reduce the impact of potential exploitation. These workarounds do not fully eliminate the risk and should only be used as short-term measures.
Risk Information
cvss3
Base: 9.9
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
References
- https://github.com/n8n-io/n8n/commit/08f332015153decdda3c37ad4fcb9f7ba13a7c79
- https://github.com/n8n-io/n8n/commit/1c933358acef527ff61466e53268b41a04be1000
- https://github.com/n8n-io/n8n/commit/39a2d1d60edde89674ca96dcbb3eb076ffff6316
- https://github.com/n8n-io/n8n/security/advisories/GHSA-v98v-ff95-f3cp
Description
FastAPI Users allows users to quickly add a registration and authentication system to their FastAPI project. Prior to version 15.0.2, the OAuth login state tokens are completely stateless and carry no per-request entropy or any data that could link them to the session that initiated the OAuth flow. `generate_state_token()` is always called with an empty `state_data` dict, so the resulting JWT only contains the fixed audience claim plus an expiration timestamp. On callback, the library merely checks that the JWT verifies under `state_secret` and is unexpired; there is no attempt to match the state value to the browser that initiated the OAuth request, no correlation cookie, and no server-side cache. Any attacker can hit `/authorize`, capture the server-generated state, finish the upstream OAuth flow with their own provider account, and then trick a victim into loading `.../callback?code=<attacker_code>&state=<attacker_state>`. Because the state JWT is valid for any client for \~1 hour, the victim’s browser will complete the flow. This leads to login CSRF. Depending on the app’s logic, the login CSRF can lead to an account takeover of the victim account or to the victim user getting logged in to the attacker's account. Version 15.0.2 contains a patch for the issue.
Risk Information
cvss3
Base: 5.9
Severity: HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:N
References
- https://github.com/fastapi-users/fastapi-users/blob/bcee8c9b884de31decb5d799aead3974a0b5b158/fastapi_users/router/oauth.py#L111
- https://github.com/fastapi-users/fastapi-users/blob/bcee8c9b884de31decb5d799aead3974a0b5b158/fastapi_users/router/oauth.py#L57
- https://github.com/fastapi-users/fastapi-users/commit/7cf413cd766b9cb0ab323ce424ddab2c0d235932
- https://github.com/fastapi-users/fastapi-users/security/advisories/GHSA-5j53-63w8-8625
Description
FileZilla Client 3.63.1 contains a DLL hijacking vulnerability that allows attackers to execute malicious code by placing a crafted TextShaping.dll in the application directory. Attackers can generate a reverse shell payload using msfvenom and replace the missing DLL to achieve remote code execution when the application launches.
Risk Information
cvss3
Base: 9.8
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss4
Base: 8.5
Severity: LOW
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
LDAP Tool Box Self Service Password 1.5.2 contains a password reset vulnerability that allows attackers to manipulate HTTP Host headers during token generation. Attackers can craft malicious password reset requests that generate tokens sent to a controlled server, enabling potential account takeover by intercepting and using stolen reset tokens.
Risk Information
cvss3
Base: 7.5
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss4
Base: 8.6
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
Kimai 1.30.10 contains a SameSite cookie vulnerability that allows attackers to steal user session cookies through malicious exploitation. Attackers can trick victims into executing a crafted PHP script that captures and writes session cookie information to a file, enabling potential session hijacking.
Risk Information
cvss3
Base: 9.8
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss4
Base: 8.5
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Access Data Using Our API
Get company history
curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?linkedin_id=usps-oig' -H 'apikey: YOUR_API_KEY_HERE'
RapidWhat Do We Measure ?
Incident
Finding
Grade
Digital Assets
Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.
These are some of the factors we use to calculate the overall score:
Network Security
Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.
SBOM (Software Bill of Materials)
Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.
CMDB (Configuration Management Database)
Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.
Threat Intelligence
Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.
Rankiteo is a unified scoring and risk platform that analyzes billions of signals weekly to help organizations gain faster, more actionable insights into emerging threats. Empowering teams to outpace adversaries and reduce exposure.
