APWU national officers have filed a national dispute with postal management on behalf of members who have had their pay stolen by cyber-criminals and are unable to recover the money.

Several hundred postal workers have had pay stolen by cyber-criminals who used fraudulent websites to obtain sensitive personal data that was used to divert and steal direct deposit payments.

The thefts mainly occurred during Pay Period 26 of 2022 but continued into Pay Period 1 of 2023. The thefts led the Postal Service to shut down employee apps on LiteBlue and through PostalEase on any computer or device not connected to an internal Postal Service Intranet network.

While many workers have been able to recover money that has been recovered from banks, Postal Service management has taken the position that any unrecovered loss of pay as a result of the fraud is the fault of postal workers.

However, management was aware of the risk of cyber fraud but did not send warnings to employees. It is also known that the Postal Service was aware of security threats to the LiteBlue application because they had been working on the creation and implementation of a Multifactor Authentication (MFA) process since mid-2022, but did not inform the APWU of this until the last week of November 2022.

The banking industry and secure websites have been utilizing MFA processes for years because of the everyday security threats on the internet. Yet the Postal Service chose not to implement these processes until just this week, when a Stand-Up Talk was issued on December 17.

Although not every APWU represented employee has had their pay stolen, we understand that anyone who has lost money has been affected deeply, and these issues must be addressed by the Postal Service immediately.

APWU President, Mark Dimondstein, said: “It appears that the number of affected people is not huge, but a paycheck is a family’s lifeline and not one single worker should be left without money as a result of this attack.”

“The criminals behind this attack are to blame, but postal management must also take its share of the responsibility,” said Charlie Cash, APWU Industrial Relations Director. “It is clear that Postal management knew for a long time that LiteBlue had this security risk by they made no serious attempt to warn workers or upgrade security until it was too late for hundreds of workers.”

TAKE THE FOLLOWING STEPS IF YOUR DIRECT DEPOSIT HAS BEEN STOLEN:

1. Call the Accounting Service Center to report the fraud at 1-866-974-2733
2. Report the loss to the USPS Cybersafe unit at cybersafe@usps.gov
3. Call the Human Resources Shared Service Center (HRSSC) at 1-877-477-3273 and either change the direct deposit information or cancel it entirely
4. Request a pay advance, but note the advance will more than likely be denied as the Postal Service takes the position that due to employee negligence, no advance is owed. A grievance can be filed on the denial of the advance at this point
5. The employee can file a PS Form 2146. The PS form 2146 is a claim for employees lost personal property while on duty or while on postal premises. An employee’s pay is personal property and is connected to employment.

Once the claim has been submitted, the Postal Service must act on it. The Supervisor must complete their portion, send to the Area, and a decision must be rendered within 30-days of receipt at the Area Level.

Employee and local officers and stewards need to make sure the form is submitted to Area ASAP. If a negative decision is rendered, the denial should be appealed directly to arbitration.

There is no guarantee this will lead to the Postal Service paying the lost funds to the employee--this is only one possible action an employee can take on the issue and it is up to each employee whether or not to make such a claim.

If the Postal Service recovers the funds lost and returns them to the employee, each employee and union official must then evaluate any grievances or claims currently active and make a determination on the continued processing of such grievances or claims.

APWU national officers are continuing to advocate for members who have had had their wages stolen in the recent online fraud attack on USPS systems. Below is an update on management’s introduction of multifactor authentication (MFA) for LiteBlue log ins.

MFA is a tool that banks and other institutions use when dealing with sensitive personal information to prevent cyber-attacks. It is an identity verification method where users have to use two or more methods to gain access to an online account. Entering a password and then a text message confirmation code is an example of MFA.

Management has provided an update about the implementation of MFA to log into LiteBlue after cyber criminals gained access to sensitive employee data using fake websites that closely resembled LiteBlue. The fraudsters used this information to make changes to net-to-bank and allotment accounts to divert and steal direct deposit funds.

A Stand-Up Talk issued on January 17 announced that the Postal Service began requiring MFA in order to access LiteBlue on Jan. 15, 2023 as an additional layer of protection to strengthen online security measures for postal workers personal data.

When employees log into LiteBlue, they will be required to set up their MFA preferences. Once an employee’s MFA setup is enabled, these ID confirmation factors will be required each time they log in.

WHAT YOU NEED TO DO

After Jan. 15, 2023, when you log in to LiteBlue:

• Reset your Self-Service Profile (SSP) Password.
• Verify the last four digits of you Social Security Number (SSN.
• Set up your multifactor authentication preferences.
• After set up, you will be required to confirm your credentials each time you log in.

For more information or to view support materials, go to the LiteBlue login page and select “Multifactor Authentication.”

Resource materials, including an Instructions to Enroll and Sign in to LiteBlue with Multifactor Authentications (MFA) user guide, are also available below.

LiteBlue MFA Documents & Materials

The 2023 Joint Contract Interpretation Manual (JCIM), a resource for the administration of the 2021-2024 Collective Bargaining Agreement (CBA), is now available for members! Members can order their JCIM for $10 from the APWU Store on the APWU website, or you can click here for an electronic copy.

The JCIM is an APWU and USPS jointly prepared manual for interpreting issues related to the union contract and serves to address and resolve disputes as well as ensure contract compliance.

The JCIM is a collection of agreed-upon interpretations that have been made over decades of collective bargaining. Whether those interpretations have been made by simple discussion and agreement, interpreted by a national arbitrator in arbitration proceedings, agreed upon in memoranda of understanding, or through dispute settlements, the JCIM is the final word on issues printed in the booklet for all levels of the grievance process.

The purpose of the JCIM is also stated at the beginning of the manual:

“When a dispute arises, the parties should first go to the JCIM to determine if the issue in disputes is addressed. If it is, the parties are required to resolve the dispute in accordance with this manual. If the parties effectively use and consult the JCIM, many disputes can be settled early on in the grievance/arbitration process.”

APWU National Officers continue to warn postal workers to be on the lookout for a fraudulent online scheme that has resulted in stolen direct deposit payments from USPS employees.

The scam involves either a phone call from someone claiming to be a Postal Inspector or a fraudulent website that looks like LiteBlue, but sends workers’ log in details to the fraudsters. 

Once workers have provided the scammers with their security information, such as passwords and EINs, the scammers can log into their victims’ LiteBlue accounts and change their net-to-bank payroll information. 

USPS management warned workers about the fake LiteBlue sites in a Stand-up Talk on Dec. 23. 

On Dec. 29 the USPS disabled access to change PostalEase on external sites. Employees can still login through external computers, but can only view their direct deposit and other information. Employees who need to change their information will have to either login to PostalEase through an ACE computer at a postal facility or call the Human Resource Shared Service Center (HRSSC) directly at 1-877-477-3273 to make any necessary direct deposit or benefit changes at this time. 

An updated Stand-up Talk was posted on the subject on Dec. 30. However, it has been reported from the field that the Stand-up Talks are not being done in many locations and that managers are denying workers access to postal devices in order to log into their accounts.

If you have not received the Stand-up talks regarding LiteBlue fraud, or are denied access to PostalEase through a USPS issued device, please contact your steward or other local/state officer for resolution. If local management refuses to resolve the problems, local and state leaders can inform the Industrial Relations Department to address the problem with Postal HQ management.  

APWU national officers are monitoring the situation and demanding that the Postal Service provide full updates on what has happened, what is still happening, and what is being done to remedy the situation, including the reimbursement of stolen funds

Postal Service management will implement a Multi-Factor Authentication (MFA) system, which will add an extra layer of security by requiring a code sent via email or text to log in. It is recommended that everyone ensure the Postal Service has a good email or phone number that can receive a text on file. The email or phone number provided to the Postal Service for MFA will only be used for this purpose.

It is important that you should never share your LiteBlue/PostalEase login information with anyone. The Postal Inspectors will not call or ask for this information over the phone.

If you are concerned that you might have entered your LiteBlue information on a fraudulent website or have provided that information from a phone call, please attempt to log in and check your LiteBlue/PostalEase account immediately. If you can’t log in, see unauthorized changes, or if anything seems suspicious, contact HRSSC immediately at 1-877-477-3273.
 

FRAUD ALERT STAND UP TALKS