National Postal Mail Handlers Union - Unity · Democracy · Strength - Division of LIUNA - AFL-CIO

National Postal Mail Handlers Union A Division of LIUNA (AFL-CIO)

Media Center / News

Jan 12

USPS Issues Additional Guidance re: PostalEase and LiteBlue

January 12, 2023- We received the following update regarding the LiteBlue/PostalEase security issues:

The USPS Corporate Information Security Office (CISO) and the Eagan Accounting Service Center’s LiteBlue recovery process ensures the monies recovered from financial institutions will be promptly repaid to the employees impacted by the fake websites.

As of yesterday, CISO has received confirmation there were 368 instances in pay period 26 where employees accessed fake LiteBlue websites and had their IDs and passwords hacked, with that number dropping to 195 in pay period 1.  Please note some employees may be included in both groups.

The Eagan ASC has provided a rough estimate of $322,000 in recovered funds.  Unfortunately, not all the stolen money will be recovered.  It is the position of the Postal Service that they will not be reimbursing employees for any funds lost due to the criminal activity involving the fake LiteBlue websites.

We are told that following notice of the unauthorized activity, Eagan immediately sent out letters of indemnity to the financial institutions, and aggressively worked with them to recover the stolen monies.  The OIG’s and Inspection Service’s criminal investigations continue.

Once the financial institutions return the recovered monies to the Eagan ASC via electronic funds transfers, the ACS will cut checks to the impacted employees.  All recovery checks are being mailed to the impacted employees’ duty stations of record.

CISO and the postal vendor are working to implement the new LiteBlue security features that include multi-factor authentication, projected go-live on January 15, 2023.  The new LiteBlue access protocol will require the additional identification step to enhance system security.

We will continue to keep you updated as we receive more information.

January 4, 2023- USPS, Office of the Inspector General, and Corporate Information Security Office (CISO) discovered fake LiteBlue website which closely resemble LiteBlue. (pdf)

Corporate Information Security Office (CISO) has just confirmed the tentative date for implementing the new “multi-factor” protocol for enabling the restoration for access to LiteBlue is Sunday, January 15, 2023. The multi-factor access will mirror the additional ID authentications required by banks, insurance companies, etc. when accessing and completing transactions on similar platforms.

Impacted employees continue to be contacted by representatives from the Eagan ASC, Inspection Service, OIG and/or CISO as part of the on-going investigation. We will post additional details when known.

Directory

Local 297 Local 298 Local 299 Local 300 Local 301 Local 302 Local 303 Local 304 Local 305 Local 306 Local 307 Local 308 Local 309 Local 310 Local 311 Local 312 Local 313 Local 314 Local 315 Local 316 Local 316 Local 317 Local 318 Local 320 Local 321 Local 322 Local 323 Local 324 Local 325 Local 327 Local 328 Local 329 Local 330 Local 331 Local 332 Local 333 Local 334 Local Unions
Enlarge Map