News & information
USPS has confirmed that some Postal Service employees are unknowingly providing their usernames and passwords to criminal websites, while attempting to access PostalEase.
It is reported that employees are using Google and attempting to access PostalEase. Over several recent days, approximately 119 postal employees attempted accessing PostalEase using Google; however, Google’s routers redirected their searches to third-party criminally run websites that mirror the look and access of PostalEase. Unfortunately, their logon credentials were hacked, and some accounts were compromised.
The USPS Corporate Information Security Office (CISO) is working with the Postal Inspection Service to facilitate notice to the impacted employees. Formal notification to all postal employees is forthcoming.
USPS reports that representations have been made at the district level confirming Postal Inspectors are contacting impacted employees, as well as employees who may have unknowingly been compromised, and requesting their EINs and passwords.
Postal Inspectors have not contacted postal employees and requested their EINs and/or passwords. Employees should never provide usernames and/or passwords to anyone.
USPS has informed NALC that PostalEase has not been breached by any third party. Employees accessing PostalEase via the official postal website have not experienced security breaches.
Specific banking industry standards require financial institutions to provide relief in certain situations. However, several third-party websites were criminal scams, and likely, some of the lost monies will not be returned. USPS does not have the total dollar loss currently available. USPS states liability for the hacking, bank account breaches and lost monies remains with Google.
Financially impacted employees should immediately contact the Eagan ASC Helpdesk at 866-974-2733. Staff members are available to assist.
If you become aware of any employee experiencing access issues to PostalEase, they should immediately contact 877-477-3273 to request assistance.
Additionally, to assist USPS with identifying our affected members, NALC has created a section on the NALC Members Only portal of the NALC website that will allow affected individuals to identify themselves as victims of this scam. NALC members, after logging into the Members Only portal, will see in the upper right-hand portion of their Member Information page a check box with the words “Check here if you have been a victim of the fraudulent PostalEase Access” in red lettering.
NALC will then provide this information to USPS to assist in identifying those who may have been affected.