Shows & Panels
- The 2014 Big Picture on Cyber Security
- AFCEA Answers
- Ask the CIO
- Connected Government
- Consolidating Mission-critical Systems
- Constituent Servicing
- Continuous Monitoring: Tools and Techniques for Trustworthy Government IT
- The Data Privacy Imperative: Safeguarding Sensitive Data
- Eliminating the Pitfalls: Steps to Virtualization in Government
- Federal Executive Forum
- Federal Tech Talk
- Government Cloud Brokerage: Who, What, When, Where, Why?
- Government Mobility
- Mission-critical Apps in the Cloud
- Mobile Device Management
- The Modern Federal Threat Landscape
- The Path from Legacy Systems
- Understanding the Intersection of Customer Service and Security in the Cloud
Shows & Panels
Alice In Wonderland's TSP Account
Wednesday - 5/30/2012, 9:04pm EDT
Inquiring minds want to know:
Whether it is the John Edwards trial or rehashing the long-ago Watergate affair, the issue for many is the same. For them the coverup trumps the crime itself. It is not so much what somebody did or what happened, as it is what happened after that. The coverup/conspiracy can be more important and vile than the crime itself!
It comes down to this: What did "they" know and when did "they" know it? First the punishment, then the crime. Oh, and by the way, who is "they?"
It is impossible to know or determine how all 4.4 million account holders feel about the identity theft of some data from some (123,000) people with accounts in the Thrift Savings Plan. The TSP is the federal-military 401(k) program. Investors are a diverse group. They range from millionaires to modest savers, from congenitally cranky to angelic in outlook.
The TSP has been a hacker's dream target from day one. Some who wanted in were crooks, maybe foreign enemies. Others were simply business-types or, uh, hustlers anxious to get a slice of the huge, rich TSP pie.
People who sponsored precious metals funds, can't lose real estate funds, minority business funds, high-tech funds, etc., have pressured Congress to let them into the TSP's list of approved investments. The fact that millions of federal and postal workers invest regular as clockwork — every two weeks — in the TSP makes it a mouth-watering place to be. The fact that Uncle Sam pumps an additional 5 percent of salary into most TSP investors accounts (the company match) is another plus. That's a ton of free money. A tax-deferred 5 percent pay raise. That's 5 percent more than many private sector 401(k) investors get from their employer.
The contributions match, and the TSPs low administrative fees, are the reason both John Bogle — founder of Vanguard and father of the index-fund — and CBS Moneywatch columnist Alan Roth say they wish they could get into and invest via the TSP.
By now most TSP investors know that some of the accounts were hacked. The extent of the damage is yet to be known. Since the TSP was set up, each executive director has had the same nightmare: That someday, somebody or some intentity (a criminal cartel, a foreign government) will get in. As the TSP has gotten bigger, that threat only increased. Now it has happened.
In addition to the what's next?, which is a fair question, some account holders are asking the standard, 'How did it happen? When did you know?' questions. Typical is this comment from an IRS employee:
"The question I have is why did the TSP release this information after one month and the FBI had the information since July of last year...in our job (at the IRS) we need to notify management immediately if any information was released that should not have been. Why the double standard? The TSP releases the information on a Friday prior to a long three day weekend! That is very suspicious to me!! The federal employee whose information was stolen should be properly compensated!! How can we trust executive director Greg Long and the TSP Board if they are not being honest." — IRS Employee
A spokeswoman for the TSP said it is a little more complicated than that:
"We know that the timing is a source of great concern. The cyber attack happened in July of 2011. That does not mean that the FBI knew about it in July of 2011. The FBI is not commenting on when they discovered the attack. The TSP was informed in April of the attack and we spent 5 weeks trying to untangle the data to find out who was impacted. We notified people as quickly as we possibly could while arranging for credit monitoring to be provided to the affected individuals at no cost to them."
Federal unions that are paid to and enjoy whacking management are sticking with the TSP. National Treasury Employees Union President Colleen Kelley had urged members to take advantage of free credit monitoring being offered to certain employees. TSP participants whose data may have been hacked are supposed to learn this week — by mail — how to enroll in the monitoring program.
It may be awhile before we get answers to the what-did-you-know, when-did-you-know-it questions. And before somebody is drawn and quartered as a result.
The only winners, if you can call it that, may be totally-innocent-but-still-beleagured employees of the General Services Administration and the Secret Service. The heat, maybe, is off them. At least for awhile. Unless of course their accounts were hacked too. Talk about adding insult to injury.