Can anyone be hacked and not even know? The answer to that question, of course, is yes. Just ask the Thrift Savings Plan (TSP), as social security numbers and other personal data for 123,000 account holders ended up ripped off from a contractor’s computer last year.
Names, addresses, and financial account and routing numbers of some accounts also suffered compromise, a company spokesperson said.
The hacking incident targeted a computer operated by contractor Serco Inc., which provides record-keeping services for 4.5 million federal employees, service members and beneficiaries with TSP accounts, said Kim Weaver, spokeswoman for the Federal Retirement Thrift Investment Board, which manages the TSP program.
“It was a sophisticated attack that overcame the defenses [Serco] had in place,” Weaver said.
Since then, TSP and Serco enhanced their cyber security. “We have monitored our TSP accounts, [and] we have no reason to believe that the data was misused in any way.”
The attack occurred in July, but the Federal Retirement Thrift Investment Board and Serco were not aware of it until the FBI notified them last month, Weaver said. They immediately shut down the infected computer and the security of all TSP and Serco systems reviewed.
FBI spokeswoman Jacqueline Maguire said because the investigation is ongoing she could not say when the FBI knew about the attack or why it took nearly a year to notify TSP officials and Serco.
The Federal Retirement Thrift Investment Board notified affected TSP account holders Friday and detailed in a letter how to connect with a call center for support and services, including free credit monitoring. Account holders did not get notification until the board determined who suffered the compromise.