Background
The U.S. Postal Service is the second largest employer in the United States with over 640,000 employees and $2.15 billion in bi-weekly salaries. To provide employees with convenient access to their payroll, benefits, and personnel data, the Postal Service uses the LiteBlue portal. This web-based portal contains several human resources (HR) applications, including PostalEASE, which allows employees to establish direct deposits, create or modify payroll allotments, and update retirement and health benefits information. In October 2022, some employees entered their login credentials into several fake LiteBlue websites, allowing bad actors to obtain their login credentials and fraudulently reroute employees’ payroll direct deposits and create payroll allotments to bank accounts they controlled.
What We Did
Our objective was to determine if the Chief Information Security Office (CISO) appropriately responded to and mitigated fraudulent access to the PostalEASE application. We also assessed the extent to which CISO could have prevented or mitigated this fraudulent access. For this audit, we reviewed CISO’s response to the attack, evaluated cyber incident and event policies and procedures, and analyzed employee and payroll data.
What We Found
CISO did not take all critical steps necessary to prevent fraudulent access to the PostalEASE application, such as implementing multifactor authentication (MFA) or providing security awareness training to all employees. These issues occurred because CISO prioritized securing the broader Postal Service network and did not make security awareness training mandatory. Additionally, CISO did not escalate the 2022 phishing attack from an “event” to an “incident,” despite unauthorized system access, unlawful activity, and indication the attackers used employees’ credentials to access multiple HR applications.
Recommendations and Managements Comments
We made six recommendations to address issues related to fraudulent account access, incident escalation, residual risk to MFA, and more. Postal Service management agreed with four recommendations and disagreed with two. Management’s comments and our evaluation are at the end of each finding and recommendation. The U.S. Postal Service Office of Inspector (OIG) considers management’s comments responsive to recommendations 1,3,4, and 6 and corrective actions should resolve the issues identified in the report.
Translation: They don’t GAF.
Dont you get tired of posting the same basic comment to every single story on this site?
“BOHICA”, “get out your lube”, “prostate exam”, “management will all be driving new Tesla’s with the money they’re screwing you out of”, the list goes on and on.
If your job is that horrible, if your management team treats you like a slave, if the Postal service screws you over every chance they get then the question begs to be asked… why do you tolerate it year after year. Nobody is forcing you to show up to a job that you obviously hate and according to you they hate you equally as much. You should move on to a different line of work, you would be a lot happier and way less b***hy. Just my opinion.
My, how very brownose of you. You’re either management or a useless union official. It is nice to know that you read all of my posts. Love you too 💖
I’m a carrier just like you claim to be, unlike you I happen to like the company that I work for, I like my route and the office that I work in. The USPS has given me and most of the employees around the country a pretty good living and retirement. You and Greg Shears (before he retired) are the two biggest complainers in the Postal service. It’s pretty shallow of you to assume that just because I don’t constantly gripe like you do that I must be in management or a union official.
I think that it shows that you are just an inherently unhappy person and would probably complain no matter where you work.
The job sucks because the union sucks. If the union did its job, management might treat the workers a little better. You are probably one of those suck ups who likes nothing better than giving management a happy ending every chance you get. You might even be one of those “go along to get along” shop stewards who talks your people out of filing grievances. Don’t worry, someday you will get screwed just like the rest of us. Be sure to come back and tell me all about it.
I notice that you’re real big on name calling, personal smears and saying things that make you sound like a tough guy. Those are the things people with no real argument say. Time to man up and show people some real action and stop taking all the abuse that you claim to constantly suffer. You’re just a chronic complainer, always have been, always will be and i’ll be here to point it out from now on.
You started this. As much as you have a right to be a brownnoser, I have a right to point out how the union and management screw us over and over. 99.99% of us don’t like how we are treated. I’m betting you are one of those table 1 butt-munches that has no problem with the pay disparity because you get yours. You probably are okay with the way subs get treated poorly by both management and regulars like you. If you don’t like my posts don’t read them. If you do read them, keep your piehole shut you sanctimonious butt-kisser.
I didn’t start anything, I simply responded to your constant and chronic complaints about the postal service. You can post comments all you like but people like me are going to have an opinion as well, even if it hurts your feelings. I happen to like the USPS and when you or anyone else constantly crap on the postal service then im going to speak up whether you like it or not. There’s an old saying that goes like this… it’s better to keep silent and allow others to think that you’re ignorant rather than speak and remove all doubt. words you should live by.
You want to compliment the postal service, knock yourself out. You reply to my comments with your sanctimonious condescension, I’m responding. As long as the postal service sucks, I’m going to file my grievances and speak the truth. If you have been following this site, you know that the majority here doesn’t think too much of management, the union, or butt kissers like you. Your opinion doesn’t hurt my feelings. I’ve dealt with a lot of brown-nosers like you over the years. There’s another old saying. It goes like this, “bite me”.
That was pure genius, I like a good laugh and I know that you will keep me laughing for the foreseeable future. I look forward to responding to your future posts. One more thing, you really need to update your insult arsenal, brown nose, Butt kisser, teabagging, bite me… those are pretty lame and very dated. Good luck with your complaining and the hatred of your job, unfortunately for you your situation will probably not improve and likely get worse.
By the way, I dont really care what “the majority” think about anything. I think for myself and im not part of the herd.