Shows & Panels
Shows & Panels
- The 2014 Big Picture on Cyber Security
- AFCEA Answers
- American Readiness: Renewable Power and Efficiency Technologies
- Ask the CIO
- Building the Hybrid Cloud
- Connected Government: How to Build and Procure Network Services for the Future
- Continuing Diagnostics and Mitigation: Discussion of Progress and Next Steps
- Federal Executive Forum
- Federal News Radio's National Cyber Security Awareness Month Special Panel Discussion
- Federal Tech Talk
- The Future of Government Data Centers
- The Future of IT: How CIOs Can Enable the Service-Oriented Enterprise
- Government Perspectives on Mobility and the Cloud
- The Intersection: Where Technology Meets Transformation
- Maximizing ROI Through Data Center Consolidation
- Mitigating Insider Threats in Virtual & Cloud Environments
- Modern Mission Critical Series
- The New Generation of Database
- Reimagining the Next Generation of Government
- Targeting Advanced Threats: Proven Methods from Detection through Remediation
- Transformative Technology: Desktop Virtualization in Government
- The Truth About IT Opex and Software Defined Networking
- Air Traffic Management Transformation Report
- Cloud First Report
- General Dynamics IT Enterprise Center
- Gov Cloud Minute
- Government in Technology Series
- Homeland Security Cybersecurity Market Report
- National Cybersecurity Awareness Month
- Technology Insights
- The Cyber Security Report
- The Next Generation Cyber Security Experts
Shows & Panels
TSP executive director gives update on data breach
Wednesday - 6/13/2012, 9:23pm EDT
It's been nearly three weeks since the Thrift Savings Plan board announced a data breach of 123,000 TSP accounts, and since then, the board has been fielding questions from participants, Congress and the media.
One of the most common questions: Is my account safe?
If a participant did not receive a letter from the TSP board, their account is not affected by the breach, said Greg Long, the executive director of the TSP, in an interview with Your Turn with Mike Causey.
The 123,000 participants whose data was compromised received a letter from the TSP board dated May 25 notifying them of the data breach and offering a free credit monitoring service for one year.
In July 2011, a breach at a TSP contractor — Serco, Inc. — compromised the data of 123,000 accounts. Most of the data accessed included social security numbers only. However, of those 123,000, about 43,000 participants had their names, addresses, social security numbers and other information — possibly bank routing numbers — also compromised,
The TSP board would have a participant's bank routing number only if the person is in a payment status, "which is more likely if you are retired," Long said.
Long emphasized that of the total 4.5 million TSP participants, the breach only affects less than 3 percent of the TSP population.
He pointed out that despite the data breach, there was no indication the data had been misused.
"Nobody lost a nickel in any of this," Long said.
Another question is why it took so long for the board to find out about the breach, which occurred in July 2011 — the board did not find out from the FBI until April of this year. Sen. Susan Collins (R-Maine) has called on the FBI to answer questions about the hack, including when the FBI knew about the breach.
That question — along with where the attack came from — is not information the TSP board has at this time, Long said.
"We don't do criminal investigations. The FBI does," he said.
He added, "My job ... once we knew about this, is to figure out how to respond, how to make sure it never happens again and figure out how to be transparent with our participants now that we've announced it."
Moving forward means taking a hard look at the board's own computer systems. Although TSP.gov was not a target in this breach, the incident was a reminder that "cyber risk is everywhere," Long said.
"While the bad guys build ladders, we're trying to build better and stronger walls everyday," he said.
The 123,000 accounts were on a single Serco computer that was a target of the cyber attack, Long said. That computer has been taken offline and scanned. The TSP board also took a "very significant look" at the entire network at that company, he said.
The board is now examining a "longer-term" solution to cybersecurity.
"That's not something you can do with bailing wire and chewing gum. We've got to put some significant thought behind how you architect the system for the future," Long said.