The US Postal Service shared the addresses of its online customers with Meta, LinkedIn and Snap, an investigation led by TechCrunch has found.

According to the publication, USPS was sharing customer information through hidden data collecting code – or tracking pixels – present across its website.

The code is usually created by tech and advertising companies to aggregate information about their users, allowing businesses to track user behaviour and interactions.

When a webpage or email containing a tracking pixel is accessed, the pixel is loaded, and it starts collecting data on actions such as page visits, clicks, or purchases.

In the case of USPS, some of that collected data included the postal addresses of logged-in USPS Informed Delivery customers, who use the free service to see photos of their incoming mail before it arrives.

TechCrunch discovered that the USPS website shared the postal address of a logged-in USPS Informed Delivery customer with Meta, LinkedIn and Snap.

Testing led by TechCrunch showed the data-collecting code on USPS’ website was scraping the customer’s address from the Informed Delivery landing page after customers logged in, and then sending it to the companies.

TechCrunch added the code also collected other data, such as information about the user’s computer type and browser, finding that tracking numbers entered the USPS website were also shared with advertisers and tech companies, including Bing, Google, LinkedIn, Pinterest and Snap.

According to the publication, USPS took immediate action to remediate the issue, claiming that it was “unaware” of it.

Although it’s not clear the number of individuals who had their information collected, USPS’ service Informed Delivery registered more than 62 million users as of March 2024.

In a statement to TechCrunch, USPS spokesperson Jim McKean said: “The Postal Service leverages an analytics platform for our own internal purposes, so that we understand the usage of our products and services and which we use on an aggregated basis to market our products.”

“The Postal Service does not sell or provide any personal information that is collected from this analytics platform to any third party, and we were unaware of any configuration of the platform that collected personal information from the URL and that shared it without our knowledge with social media.”

“We have taken immediate action to remediate this issue,” the spokesperson said, without saying what action was taken. The spokesperson declined to comment further.

When reached for comment, Facebook spokesperson Emil Vazquez provided a statement: “We’ve been clear in our policies that advertisers should not send sensitive information about people through our Business Tools. Doing so is against our policies, and we educate advertisers on properly setting up Business Tools to prevent this from occurring. Our system is designed to filter out potentially sensitive data it is able to detect.”

---