Fedweek


More than a year after a cyberattack on the LiteBlue self-service portal for Postal Service employees, work remains to shore up protections against unauthorized access to personal accounts, an inspector general report has said.

The IG self-initiated the report to determine if the USPS “appropriately responded to and mitigated” fraudulent access to that portal, which allows employees to establish direct deposits, create or modify payroll allotments, and update retirement and health benefits information.

The attack consisted of creating spoofed versions of the LiteBlue website with similar names and web addresses, which appeared in popular search engines and which some employees inadvertently logged into. That allowed “bad actors to obtain their login credentials and fraudulently reroute employees’ payroll direct deposits and create payroll allotments to bank accounts they controlled,” the report said.

The report redacted information on how many employees were affected or the financial cost to them, but when the incident was first disclosed early last year, postal unions said that many employees had their entire paychecks rerouted.

The IG report said the system was vulnerable because the USPS did not implement multi-factor authentication in a timely way, and “craft employees were not required to take security awareness training.” It added that while the USPS in response prioritized securing the broader Postal Service network, it did not sufficiently escalate the incident and identify vulnerabilities early and did not make security awareness training mandatory.

Management agreed with a recommendation to continue installing multi-factor authentication in all applications that hold critical or sensitive information and to update procedures for responding to incidents. However, it disagreed with a recommendation to increase training for craft employees and document that they have taken the training, saying the report did not show the benefit would be worth the cost; the IG in turn reiterated that recommendation.
