PDA

View Full Version : TSP Hacked



RealMoneyIssues
05-25-2012, 12:48 PM
123,000 Thrift Savings Plan accounts hacked

By Nicole Blake Johnson (njohnson@militarytimes.com?subject=Question%20fro m%20NavyTimes.com%20reader) - Staff writer
Posted : Friday May 25, 2012 13:02:41 EDT



123,000 Thrift Savings Plan accounts hacked - Navy News | News from Afghanistan & Iraq - Navy Times (http://www.navytimes.com/news/2012/05/federal-tsp-accounts-hacked-last-year-052512)

nnuut
05-25-2012, 12:54 PM
Damnit!!!!!!

James48843
05-25-2012, 01:48 PM
I am NOT a happy camper.




Computer hacking incident reported — In April of 2012, the Federal Bureau of Investigation (FBI) informed the FRTIB and Serco that in July of last year, a computer belonging to Serco, a third party service provider used in support of the TSP, was subjected to an unauthorized access incident. This incident resulted in the unauthorized access to the personal information of 123,201 TSP participants and payees. When the TSP learned of the cyber attack, we took immediate steps to investigate and notify our participants and other affected individuals. The FRTIB has issued a press releasehttp://www.tsptalk.com/resources/images/icon_pdf_tiny.gif (http://www.tsptalk.com/PDF/formspubs/Press.Release.2012-05-25.Cyber.pdf) and has published a list of frequently asked questions (FAQs) below containing more detailed information about this incident.


Frequently Asked Questions (FAQs) (http://www.tsptalk.com/mb/#)


What happened?
In July of 2011, a computer belonging to Serco, a third party service provider used in support of the TSP, was subjected to a sophisticated hacking incident resulting in unauthorized access to the personal information of approximately 123,201 TSP participants and payees.
In April of 2012, the FRTIB and Serco were informed of the unauthorized access incident by the Federal Bureau of Investigation.

What personal information was accessed?
Several files with different combinations of data of approximately 123,201 individuals were accessed.
The names, addresses, and Social Security numbers of roughly 43,000 individuals were in the accessed files. In some cases, this group of data also included financial account numbers and routing numbers.
Another group of roughly 80,000 had their Social Security numbers and some TSP-related information accessed, but their name was not associated with this information.

What has TSP done in response to the cyber attack?
First, on May 25th, we sent notification letters to everyone whose personal information was in the affected files. The FRTIB and our service provider have been working to avoid future incidents. Steps taken include an immediate shutdown of the compromised computer, a response team that is conducting a systemwide review of all computer security procedures, and further enhanced computer security.

Is there any evidence that this data is being used inappropriately? How would you know?
The TSP does not have any evidence that any personal information has been used or is being misused or disclosed to other persons.

How will I know if my personal information was used inappropriately?
We have no reason to believe that the data has been misused. Further, we have notified all individuals whose personal information was affected. We have engaged Kroll Inc., the world’s leading risk consulting company, to provide its ID TheftSmartTM service for one year to the affected individuals. Among other features, this service offers credit consultation and continuous credit monitoring throughout the length of the service. We also have suggested steps that affected individuals can take to protect themselves. For additional information about identity theft, visit the Federal Trade Commission (FTC) website at Deter. Detect. Defend. Avoid ID Theft (http://www.ftc.gov/idtheft).


Is tsp.gov safe to use?
Yes. There is no indication that the TSP network itself was subjected to unauthorized access. Rather, it was a Serco computer that was subject to a cyber attack.



I think I would challenge the common sense of that last bullet question. I'm changing my password at tsp.gov just for good measure. I had already changed my user ID and pass somewhat regularly- but this really ticks me off.

Warrenlm
05-25-2012, 06:09 PM
I'm still remembering the "loss" of computer tapes in Philadelphia airport being shipped by Bank of America ....seems like 100 years ago....and the calm way BOA and the USG dealt with it...."Oh well"....I wonder if the tapes made it to China or the East Bloc....

James48843
05-26-2012, 10:03 AM
Govexec.com has a more extensive article on the TSP hacking:

Cyberattack exposes 123,000 TSP accounts - Pay & Benefits - GovExec.com (http://www.govexec.com/pay-benefits/2012/05/tsp-accounts-exposed-breach/55927/?oref=top-story)

The letters that the Thrift Board are sending out WERE ONLY PUT IN SNAIL MAIL YESTERDAY- so don't expect to receive notice until the Post Office delivers the bad news to you NEXT WEEK.


(Does anyone else but me find it ironic that even though we have instant access to our TSP accounts via computer, and that many people have given the TSP our email address, that the TSP cannot send out an email blast with the warning, and chooses instead to send it by postal mail, which will delay, by perhaps a week or more, the information from being sent to those who's information has been compromised?)

YOU may be one of those who's information was hacked. TSP knows if your data was on that disc- but you don't.
But you MAY find out next week....IN THE MAIL.

I am furious. Again.

Khotso
05-26-2012, 01:08 PM
Govexec.com has a more extensive article on the TSP hacking:

Cyberattack exposes 123,000 TSP accounts - Pay & Benefits - GovExec.com (http://www.govexec.com/pay-benefits/2012/05/tsp-accounts-exposed-breach/55927/?oref=top-story)

The letters that the Thrift Board are sending out WERE ONLY PUT IN SNAIL MAIL YESTERDAY- so don't expect to receive notice until the Post Office delivers the bad news to you NEXT WEEK.


(Does anyone else but me find it ironic that even though we have instant access to our TSP accounts via computer, and that many people have given the TSP our email address, that the TSP cannot send out an email blast with the warning, and chooses instead to send it by postal mail, which will delay, by perhaps a week or more, the information from being sent to those who's information has been compromised?)

YOU may be one of those who's information was hacked. TSP knows if your data was on that disc- but you don't.
But you MAY find out next week....IN THE MAIL.

I am furious. Again.

And their response was essentially: "We've taken the compromised computer off-line and beefed up our security measures." Lame!

Warrenlm
05-28-2012, 10:48 AM
Lame, sure. But essentially the same as every public and private sector entity's. No sense in getting the masses upset. Let all the problems for individuals thus created remain anonymous and below the radar of the masses posting on Facebook and tweeting their inner thoughts.

mrgoodwx
05-31-2012, 05:37 PM
Considering we've had mail stolen (not since I installed a locking box)...we've seen mail being stolen from other mailboxes...and we receive other people's mail at least once a week, being told that TSP is only sending snail mail to those effected...I called them today. At least I was able to speak with someone who confirmed that my account was not among those compromised. You might want to call to make sure...


Govexec.com has a more extensive article on the TSP hacking:

Cyberattack exposes 123,000 TSP accounts - Pay & Benefits - GovExec.com (http://www.govexec.com/pay-benefits/2012/05/tsp-accounts-exposed-breach/55927/?oref=top-story)

The letters that the Thrift Board are sending out WERE ONLY PUT IN SNAIL MAIL YESTERDAY- so don't expect to receive notice until the Post Office delivers the bad news to you NEXT WEEK.


(Does anyone else but me find it ironic that even though we have instant access to our TSP accounts via computer, and that many people have given the TSP our email address, that the TSP cannot send out an email blast with the warning, and chooses instead to send it by postal mail, which will delay, by perhaps a week or more, the information from being sent to those who's information has been compromised?)

YOU may be one of those who's information was hacked. TSP knows if your data was on that disc- but you don't.
But you MAY find out next week....IN THE MAIL.

I am furious. Again.

maydaymayday
06-01-2012, 10:48 AM
Been unable to find out what of my personal information has been compromised.

I received TSP letter 29 May 2012. Letter is vague, in two phone calls to TSP, 2 different reps gave different/conflicting information. Consequently, I have no clue exactly what personal information has been comprised.

Bullitt
06-01-2012, 06:18 PM
Yeah this really bites but unfortunately it's the new reality.


A sophisticated cyberattack on the computer of a third-party Thrift Savings Plan contractor compromised the personal information of tens of thousands of TSP participants.
That's usually the catch phrase but Comodo was rocked a few years ago by an alleged foreign government. Turned out it was some 15 year old kid messing around in his mom's basement.

Maybe it's not as bad as it sounds. Mailing addresses and routing numbers were taken but how easy is it to obtain routing and account numbers from check written out by somebody else?

It's not uncommon for breaches to go unnoticed for so long and there are hundreds out there that are yet to be known. Protect yourself by getting a free credit report this weekend to look over. Be proactive. Looking at a credit statement is one of the best things you can do to to spot anomalies in your history.

Social security numbers aren't as important as they once were. Most banks are smart enough to ask for additional ID because of liability of loss, but some still use last four of SS# to reset passwords. If you have the choice, don't use Mother's maiden name, last four digits or anything that could be discovered off the internet. For example, start using security questions such as high school mascot, street you grew up on, first car, etc. An adversary can't find this stuff unless you're providing clues unintentionally (or intentionally) in social media.

James48843
06-03-2012, 06:40 AM
Politicians now getting into the act. Senator calls on Thrift Board to explain actions:

Lawmakers press for answers on Thrift Savings Plan cyber breach - Pay & Benefits - GovExec.com (http://www.govexec.com/pay-benefits/2012/05/lawmakers-press-answers-thrift-savings-plan-cyber-breach/55987/)

Warrenlm
06-03-2012, 08:38 AM
Now THAT will produce something! I want to know IMMEDIATELY when my personal data is spread in the chat rooms for hackers. That way I can get the worrying over immediately. And get back to America's Got Talent.

MrBowl
06-03-2012, 10:10 AM
My TSP has the best defense available - the stench of my performance and balance would drive any would-be scam artist away. :D