CBS News
Amid surging mail theft, post offices failing to secure universal keys
The U.S. Postal Service has pledged rigorous action to combat the rising theft of Americans’ mail — from checks and packages to the sensitive information that identity thieves crave.
But even as mail theft skyrocketed, from fewer than 60,000 complaints in 2018 to more than 250,000 in 2023, a CBS News investigation has found the postal service is not consistently taking steps to secure millions of universal “arrow keys” that open bulk mailboxes in apartment buildings and neighborhoods coast to coast.
A CBS News review of thousands of pages of audits, court records and agency documents obtained under the Freedom of Information Act show postal workers and supervisors not tracking the keys, not locking them up and not reporting them missing.
In audit after audit of postal facilities from New York to Los Angeles, the agency’s independent inspectors documented workers and supervisors failing to follow basic, long-standing regulations meant to protect the keys — and to prevent one easy way thieves are stealing Americans’ mail in bulk.
From 2019 to 2024, the records reviewed by CBS News showed that auditors checked 84 postal facilities for issues related to securing their arrow keys. In 76 facilities across 25 states and the District of Columbia, the inspectors found untracked or unsecured arrow keys.
That’s 90% of all sites checked, according to the data gathered by CBS.
In September, the Postal Service Inspector General identified arrow key accountability as one of three areas the post office should focus on to cut down on mail theft. That followed an earlier audit faulting arrow key security failures in 2020.
“If supervisors are not aware of or do not act to account for and report missing arrow keys to the Postal Inspection Service, there is an increased risk of mail theft continuing to occur,” the inspector general wrote in 2023. “These thefts damage the Postal Service’s reputation and diminish public trust in the nation’s mail system.”
That’s certainly the case for Maria Tsalis, who learned from local police in January that thieves were swiping mail from the cluster mailboxes in her neighborhood in Palos Heights, Illinois.
“I completely know they would have just emptied out my bank account. Luckily, it was only the two checks,” Tsalis said.
In response to the September 2023 inspector general report, Postal Service leaders said the agency would be implementing increased arrow key training and awareness in November.
However, the records CBS reviewed show the failures continue.
As of last month, inspectors found arrow key security issues at 10 of the 12 facilities inspected so far this year, including postal sites in California, Texas, Minnesota and Maryland.
Federal law enforcement, members of Congress and the Postal Service itself have been reiterating for decades the vulnerability of the mail to the loss and theft of the universal keys that open the ubiquitous blue collection boxes and cluster delivery boxes at apartments and subdivisions coast to coast. CBS found references to lax arrow key controls dating back to 1999.
“In the 25 years that you’re talking about — in the early part of that 25 years — we’ve done one-off mitigation strategies to address weaknesses or vulnerabilities that were found with the current arrow key system” rather than implementing a broader solution, said Peter Rendina, the USPS’ deputy chief postal inspector.
The agency now says it is upgrading mailboxes with electronic locking mechanics — a project that will take many years and billions of dollars. In the meantime, officials pledge better security over arrow keys.
Rendina noted there are hundreds of thousands of routes and postal boxes to upgrade nationwide.
“This is not an overnight change,” Rendina said.
To assess how well the agency protects the keys, CBS News examined every review of postal facilities in the last decade. The documents paint a picture of inspectors finding basic security problems — with some patterns of repeated failures that violate Postal Service regulations.
Among the problems identified:
-
17 missing arrow keys at the Eagan, Minn., post office in 2024. Inspectors noted “management was not aware of any missing arrow keys” until inspectors pointed it out. Seven years earlier, the inspector general also found unsecure arrow keys in Eagan.
-
At Carrollton Station in New Orleans, inspectors reported a secure space for keys “left unattended with the key left in the lock several times throughout our visit” in 2023.
-
At the Inglewood Carrier Annex in Southern California, inspectors this year found more than half of the keys on the inventory — 88 of 130 — were missing and found the staff had certified its arrow key list was accurate without “inventorying actual keys on hand.”
-
When inspectors checked 16 postal facilities in a 2019 sweep across the Richmond, Virginia, region, they found lax arrow key security at 15 locations. At one site, “management could not locate 10 arrow keys” and facility managers had last updated the log of arrow keys more than two years earlier.
Repeat problems often show up in reports about the same locations.
Inspectors found unsecured arrow keys at the central carrier station in New Orleans during a check in 2020. They returned three years later, in 2023, and the facility could only account for keys for 21 of 49 routes.
Carriers had kept 20 overnight, in violation of Postal Service rules that require the keys to be checked in and out, tracked and locked up when not in use. The cage where keys were supposed to be locked up “was often left open and unattended throughout our visit,” inspectors wrote — a problem noted in reports for many facilities.
The inspector general also said the Postal Service does not have a national inventory of keys, does not know how many exist or how many are missing, stolen or broken. When asked how many keys are in circulation, agency leaders told the inspector general that they did not know — estimating only “in the millions.”
That did not surprise Inspector General Tammy Hull.
“It’s not surprising, but it’s concerning,” Hull told CBS. “And it’s something that we see basically everywhere we go.”
“It’s a problem because the keys are critical to mail security,” she said.
The issue of carriers and other postal workers having open access to keys is important because that’s one of the ways criminals are getting the keys.
Federal arrest dockets and court cases are littered with examples of postal employees stealing the keys, selling the keys or taking bribes in exchange for the keys.
In April 2023, auditors inspected four postal facilities across South Florida and found lax security around arrow keys at three of them.
Less than two months later, federal agents got a tip about a postal worker in the region trying to sell arrow keys for $10,000. They set up a sting and the worker sold an undercover agent an arrow key and a half-million dollars in stolen checks, according to court documents.
The arrested worker, the prosecutor said, admitted to stealing arrow keys, selling arrow keys and having a duffel bag full of checks worth hundreds of thousands of dollars at his home.
The trade of arrow keys is not uncommon. “Arrow keys can start at $1,000 and can get up to $7,000” on the internet black market tracked for years by criminology professor David Maimon of Georgia State University.
Desire for arrow keys has also led to violence against carriers. In a letter to U.S. Rep. Jamie Raskin, a Democrat from Maryland, Postmaster General Louis DeJoy said last year that 82% of robberies targeted arrow keys.
Documents obtained by CBS News revealed the number of cases of robbery or assault against USPS employees increased every year from 2014 to 2023. In 2023, there were 1,129 cases. That’s a 404% increase over 2014, when there were 224.
Meanwhile, during the surge in mail theft, the Postal Inspection Service assigned to protect the mail and postal workers’ safety faced tight budgets and staffing. The postal police got $541 million in 2004 and $584 million in 2023 – a 33% decline when adjusted for inflation.
Staffing of the inspection service also dropped from 2,914 inspectors in 2015 to about 2,300 in 2022, the last year it provided estimates.
CBS News
Popular gluten free tortilla strips recalled over possible contamination with wheat
A food company known for popular grocery store condiments has recalled a package of tortilla strips that may be contaminated with wheat, the U.S. Food and Drug Administration said Friday. The product is meant to be gluten-free.
Sugar Foods, a manufacturing and distribution corporation focused mainly on various toppings, artificial sweeteners and snacks, issued the recall for the “Santa Fe Style” version of tortilla strips sold by the brand Fresh Gourmet.
“People who have a wheat allergy or severe sensitivity to wheat run the risk of serious or life-threatening allergic reaction if they consume the product,” said Sugar Foods in an announcement posted by the FDA.
Packages of these tortilla strips with an expiration date as late as June 20, 2025, could contain undeclared wheat, meaning the allergen is not listed as an ingredient on the label. The Fresh Gourmet product is marketed as gluten-free.
Sugar Foods said a customer informed the company on Nov. 19 that packages of the tortilla strips actually contained crispy onions, another Fresh Gourmet product normally sold in a similar container. The brand’s crispy onion product does contain wheat, and that allergen is noted on the label.
No illnesses tied to the packaging mistake have been reported, according to the announcement from Sugar Foods. However, the company is still recalling the tortilla strips as a precaution. The contamination issue may have affected products distributed between Sept. 30 and Nov. 11 in 22 states: Arizona, California, Colorado, Florida, Georgia, Iowa, Idaho, Illinois, Indiana, Maryland, Maine, Michigan, Minnesota, North Carolina, New Jersey, Ohio, Oregon, Pennsylvania, Texas, Utah, Virginia and Washington.
Sugar Foods has advised anyone with questions about the recall to contact the company’s consumer care department by email or phone.
CBS News reached out to Sugar Foods for more information but did not receive an immediate reply.
This is the latest in a series of food product recalls affected because of contamination issues, although the others involved harmful bacteria. Some recent, high-profile incidents include an E. coli outbreak from organic carrots that killed at least one person in California, and a listeria outbreak that left an infant dead in California and nine people hospitalized across four different states, according to the Center for Disease Control and Prevention. The E. coli outbreak is linked to multiple different food brands while the listeria outbreak stemmed from a line of ready-to-eat meat and poultry products sold by Yu-Shang Foods.
CBS News
Gazan chefs cook up hope and humanity for online audience
Be the first to know
Get browser notifications for breaking news, live events, and exclusive reporting.
CBS News
Serving up home-cooked dog food
Be the first to know
Get browser notifications for breaking news, live events, and exclusive reporting.