I received the below message from VP Labor Relations Tom Blum last night. Again, remind people not to give their PostalEase login information to anyone. Some have willingly given their information to scam callers, and some went to the spoofed PostalEase website thinking they were logging into the legitimate website. As of this morning, I am aware of very few APWU employees who were impacted out of the 119 currently identified by the Postal Service, but even one is too many.

I have been in contact and in discussions regarding pay advances to those who lost money. However, as the message below states, they have not committed to do so. If I get more information I will share it.

You are welcome to share with the field.

Colleagues,

PostalEase has not been breached by any third party.

Employees accessing PostalEase via the official postal website have not experienced security breaches.

Over several recent days, approximately 119 postal employees attempted accessing PostalEase using Google; however, Google’s routers redirected their searches to third-party websites.  Unfortunately, their logon credentials were hacked, and some accounts were compromised.

The banking industry standard requires financial institutions to return misrouted or misappropriated funds. 

Several third-party websites were criminal scams, and likely, some of the lost monies will not be returned.  We do not have the total dollar loss currently available. 

Liability for the hacking, bank account breaches and lost monies remains with Google.

CIZO and the Inspection Service continue their investigations.  Please note, as confirmed in my email yesterday, the Eagan ASC is supporting employees’ efforts to recoup their losses.  (Eagan Helpdesk 866-674-2733; PostalEase log-on issues 877-477-3273). 

The potential use of pay advances (not guaranteed reimbursement for any lost funds) via money orders for the impacted employees is under HQ review.

Headquarters is also working on two employee communications and one employee handout to provide additional notice of the breach.

1.    Letter to be sent to employees that have been impacted on next steps.

2.    Letter to be sent to all postal employees making them aware of the potential risk.

3.    Handout to be included in letter to all employees to provide examples of fake sites and steps on how to update personal contact information.

Due to the urgency of this matter and the need to coordinate with Topeka to provide these notices, the goal is to obtain HQ approval of the drafts by Friday.

We will keep you posted.

Tom

Thank you and remember—stay safe, wear your mask!

Charlie Cash

Industrial Relations Director

American Postal Workers Union, AFL-CIO