National Postal Mail Handlers Union - Unity · Democracy · Strength - Division of LIUNA - AFL-CIO

National Postal Mail Handlers Union A Division of LIUNA (AFL-CIO)

Media Center / Mail Handler Update

Addressing Fraudulent PostalEase and LiteBlue Access

On December 20, 2022, the USPS notified the Union that some Postal Service employees had unknowingly provided their usernames and passwords to criminal websites, while attempting to access PostalEase. We were told that employees had been using the Google search engine to access PostalEase. Google’s search engine, however, directed them to third-party websites that were designed to mirror the look and access of PostalEase. When employees entered in their login credentials on these websites, we were told that the creators of those websites were able to record those credentials. The USPS informed us that approximately 119 employees were impacted. Once they had possession of the employees’ login credentials, the criminals were able to enter PostalEASE and access the employee’s sensitive information, including, as USPS has explained creating unauthorized allotments or even redirecting one’s entire check to a different financial institution without their knowledge.

The Postal Service also stated that they received reports at the district level that Postal Inspectors have been contacting impacted employees, as well as employees who may have unknowingly been compromised and was requesting their EINs and passwords. USPS has stressed that Postal Inspectors have not and will not be asking postal employees to provide their EINs and passwords. You should never give your usernames or passwords to anyone.

The Postal Service has assured us that the official PostalEase site itself has not been breached and that no employee who has accessed PostalEase through the official postal website has been impacted. The official website is https://liteblue.usps.gov.

The Postal Service position is that any liability for the use of compromised login information on the PostalEase site remains with Google and that they will not provide salary advances for those employees whose credentials were stolen when they accessed the unauthorized websites that mirrored LiteBlue.

The Postal Service has issued mandatory Stand Up Talks. They are also in the process of sending letters to each impacted employee as well as letters to all employees to address the issue. To prevent any further unauthorized changes, the external link to PostalEase was disabled on December 29th. The Postal Service is working to expedite the deployment of a multi-factor authentication feature which will prompt employees for a second identification factor, such as a one-time passcode through text or email. This security enhancement is tentatively scheduled to launch on January 15, 2023. In the interim, employees can also contact the helpdesk at 877-477-3273 for assistance with any LiteBlue needs. Until the multi-factor authentication is implemented, employees may only log into LiteBlue from a USPS issued device in a USPS facility.

Any financially impacted employee should immediately contact the Eagan ASC Helpdesk at 866-974-2733 for assistance. If you suspect you are a victim of this fraud or if you encounter a fake LiteBlue website, you should also contact CyberSafe by email at cybersafe@usps.gov.  The Postal Service is purchasing a one-year credit monitoring service for all impacted employees.

We have requested information regarding this fraudulent activity and continue to meet with postal officials. We are also preparing a national level grievance. Additional details will be shared when known.

Directory

Local 297 Local 298 Local 299 Local 300 Local 301 Local 302 Local 303 Local 304 Local 305 Local 306 Local 307 Local 308 Local 309 Local 310 Local 311 Local 312 Local 313 Local 314 Local 315 Local 316 Local 316 Local 317 Local 318 Local 320 Local 321 Local 322 Local 323 Local 324 Local 325 Local 327 Local 328 Local 329 Local 330 Local 331 Local 332 Local 333 Local 334 Local Unions
Enlarge Map