The US Postal Service ignored an authentication oversight that exposed 60 million users’ account details. An anonymous researcher found that an application programming interface (API) did not enforce proper access control on requests to read data belonging to other users’ accounts. An attacker would only have to run a query in the system to get the information. The USPS fixed the problem on November 20 and told Krebs that it was constantly monitoring its network for suspicious activity. In 2014, the USPS suffered a data breach that involved the personal information of at least 750,000 employees and almost three million customers.
Source: https://www.bleepingcomputer.com/news/security/us-postal-service-exposes-data-of-60-million-users-for-over-a-year/
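
The access-control gap described above, shown as an added example (not USPS code): a lookup that only checks that the caller is logged in, beside one that also checks the caller owns the record and logs denials for monitoring. The record fields, function names and IDs are assumptions constructed for illustration.

```python
from dataclasses import dataclass

# Constructed sample records; field names are assumptions for illustration.
ACCOUNTS = {
    "u1001": {"owner": "u1001", "email": "alice@example.com", "street": "1 Main St"},
    "u1002": {"owner": "u1002", "email": "bob@example.com", "street": "9 Oak Ave"},
}

@dataclass(frozen=True)
class Session:
    user_id: str  # identity established at login

class Forbidden(Exception):
    pass

def get_account_unchecked(session, account_id):
    """Flawed pattern: the caller is authenticated, but ownership is never checked."""
    if session is None:
        raise Forbidden("login required")
    return ACCOUNTS[account_id]

def get_account(session, account_id, audit):
    """Hardened: a record is returned only to its owner; every outcome is logged."""
    if session is None:
        raise Forbidden("login required")
    record = ACCOUNTS.get(account_id)
    # Same error for "missing" and "not yours", so replies do not reveal valid IDs.
    if record is None or record["owner"] != session.user_id:
        audit.append((session.user_id, account_id, "denied"))
        raise Forbidden("not found")
    audit.append((session.user_id, account_id, "ok"))
    return record

def cross_account_denials(audit, threshold=3):
    """Return callers with at least `threshold` denied lookups (possible enumeration)."""
    counts = {}
    for user, _account, outcome in audit:
        if outcome == "denied":
            counts[user] = counts.get(user, 0) + 1
    return sorted(user for user, n in counts.items() if n >= threshold)
```
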

