
After-Action Review of Unauthorized Access to USPS Employee Self-Service Portal (LiteBlue)

Background

The U.S. Postal Service is the second largest employer in the United States with over 640,000 employees and $2.15 billion in bi-weekly salaries. To provide employees with convenient access to their payroll, benefits, and personnel data, the Postal Service uses the LiteBlue portal. This web-based portal contains several human resources (HR) applications, including PostalEASE, which allows employees to establish direct deposits, create or modify payroll allotments, and update retirement and health benefits information. In October 2022, some employees entered their login credentials into several fake LiteBlue websites, allowing bad actors to obtain their login credentials and fraudulently reroute employees’ payroll direct deposits and create payroll allotments to bank accounts they controlled.

What We Did

Our objective was to determine if the Chief Information Security Office (CISO) appropriately responded to and mitigated fraudulent access to the PostalEASE application. We also assessed the extent to which CISO could have prevented or mitigated this fraudulent access. For this audit, we reviewed CISO’s response to the attack, evaluated cyber incident and event policies and procedures, and analyzed employee and payroll data.

What We Found

CISO did not take all critical steps necessary to prevent fraudulent access to the PostalEASE application, such as implementing multifactor authentication (MFA) or providing security awareness training to all employees. These issues occurred because CISO prioritized securing the broader Postal Service network and did not make security awareness training mandatory. Additionally, CISO did not escalate the 2022 phishing attack from an “event” to an “incident,” despite unauthorized system access, unlawful activity, and indication the attackers used employees’ credentials to access multiple HR applications.

Recommendations and Management’s Comments

We made six recommendations to address issues related to fraudulent account access, incident escalation, residual risk to MFA, and more. Postal Service management agreed with four recommendations and disagreed with two. Management’s comments and our evaluation are at the end of each finding and recommendation. The U.S. Postal Service Office of Inspector General (OIG) considers management’s comments responsive to recommendations 1, 3, 4, and 6, and corrective actions should resolve the issues identified in the report.
