Shows & Panels
Shows & Panels
- The 2014 Big Picture on Cyber Security
- AFCEA Answers
- American Readiness: Renewable Power and Efficiency Technologies
- Ask the CIO
- Building the Hybrid Cloud
- Connected Government: How to Build and Procure Network Services for the Future
- Continuing Diagnostics and Mitigation: Discussion of Progress and Next Steps
- Delivering the Digital Government Mission
- Federal Executive Forum
- Federal News Radio's National Cyber Security Awareness Month Special Panel Discussion
- Federal Tech Talk
- The Future of Government Data Centers
- The Future of IT: How CIOs Can Enable the Service-Oriented Enterprise
- Government Perspectives on Mobility and the Cloud
- The Intersection: Where Technology Meets Transformation
- Maximizing ROI Through Data Center Consolidation
- Mitigating Insider Threats in Virtual & Cloud Environments
- Modern Mission Critical Series
- The New Generation of Database
- Reimagining the Next Generation of Government
- Targeting Advanced Threats: Proven Methods from Detection through Remediation
- Transformative Technology: Desktop Virtualization in Government
- The Truth About IT Opex and Software Defined Networking
- Air Traffic Management Transformation Report
- Cloud First Report
- General Dynamics IT Enterprise Center
- Gov Cloud Minute
- Government in Technology Series
- Homeland Security Cybersecurity Market Report
- National Cybersecurity Awareness Month
- Technology Insights
- The Cyber Security Report
- The Next Generation Cyber Security Experts
Shows & Panels
Cyber attack against TSP contractor exposes thousands of accounts
Friday - 5/25/2012, 2:12pm EDT
A sophisticated cyber attack against the Thrift Savings Plan contractor responsible for maintaining the agency's data centers compromised the information of 123,000 TSP participants.
Of the compromised accounts, about 43,000 had personal information, such as names, Social Security numbers and bank-account numbers exposed. Another 80,000 compromised accounts had only Social Security numbers and other TSP-related information exposed.
However, there is no indication the data has been misused, according to the Federal Retirement Thrift Investment Board. There is also no evidence the TSP's network or its website was affected.
Serco, Inc., a Reston, Va.-based IT firm, operates the board's data centers and maintains the TSP record-keeping system. The FBI uncovered the breach and informed the TSP board in April.
"We sincerely regret that this event occurred ... We are working with Serco and other security experts to ensure that TSP data is protected and secure," said Greg Long, director of the FRTIB.
Painstaking process to identify account-holders
The board will mail letters to affected participants beginning today.
Despite being informed of the attack in April, it took five weeks for the board to identify all of the affected account-holders.
"The data we got was in numerous files and was not in a usable format," said Kim Weaver, TSP's director of external relations, in an email to Federal News Radio. "Some files were simply strings of numbers, which we had to untangle" to determine what personally identifiable information had been exposed, she added. Finally, the information was checked against the TSP database to pinpoint a match.
"We have announced the breach as quickly as we were able," Weaver said.
Once Serco was informed of the attack, the company shut down the compromised computer and both the company and the FRTIB launched a task force to review computer security procedures.
The board has also established a call center to provide credit monitoring and will flag all affected TSP accounts to make sure future account activity "receives heightened scrutiny," according to the board's release.
The TSP, federal employees' 401(k)-style retirement savings plan, has about 4.5 million accounts and total assets of about $313 billion.