LiteBlue Net-to-Bank, Direct Deposit Restored

Late last week the Postal Service shared with the APWU that LiteBlue was experiencing issues and that direct deposit and net to bank functionalities had been deactivated once again. The APWU was notified that these functions were reactivated on Monday July 17.

Some applications were accessing LiteBlue

After an investigation, the Postal Service identified patterns where certain applications were logging on through anonymous virtual private network (VPN) connections and making changes to direct deposit and net-to-bank allotments. The employees who were affected by this fraudulent activity had voluntarily granted the apps access to make these changes by giving them their employee Identification numbers (EINs), passwords, as well as Multi-Factor Authentication (MFA) information.

Never give out EINs or Multi-Factor Authentication info

It is imperative that no one give out this information or it can compromise the system.

The Postal Service is now blocking all connections that use an anonymous VPN connection. If you are using an anonymous VPN you will not be able to login to LiteBlue. You will need to turn the anonymous VPN off in order to login.

Additional information from the USPS

 Here are some additional details provided to the APWU by the Postal Service on connecting to LiteBlue:

 •       Due to elevated security threats, we implemented additional device and location security policies in LiteBlue in March 2023.

•       These policies monitor user log in activity to detect anomalies associated with known security threats, such as phishing, account takeover, etc.

•       Specifically, the additional security policies monitor IP addresses, locations, devices, and time between attempted log ins. 

•       Ultimately, these policies are designed to safeguard employee account information by blocking attempted log ins from unrecognized devices or locations.

 We are working with the helpdesks to improve the process when reporting issues.

 If you do get your account reset you should set up MFA from their personal device to avoid potential issues with device / location security policies.  We are updating the user guides and FAQ’s.

If your account is locked

To clarify the last point provided by the Postal Service, when an employee has their account locked or blocked they need to get it reset. It may require a temporary password be mailed to the employee. The employee will need to call the Human Resource Shared Service Center (HRSSC) to get that temporary password sent out. Second, the HRSSC will get them in contact, transfer them, and have them call the IT helpdesk to get their account unlocked.

This is the important part: when an employee tries to log back in for the first time after an unlock or MFA reset, they will need to make sure they do so from outside the Postal Service on their personal device — not on the Blue network. If they do log on from inside the “Blue” network (basically from a postal computer) and then log in from a personal device, they will be locked out again. The Postal Service is working to improve the login process all the time. We will continue to update members as we get more information from the Postal Service.