A network containing the confidential records of more than 120,000 federal employees was hacked last year, yet it took nearly 11 months for the breached company to notify those affected.
The Federal Times reported that on May 25, the Federal Retirement Thrift Investment Board (FRTIB) which manages the Thrift Savings Plan (TSP), a retirement savings plan for federal employees, began notifying approximately 123,201 TSP participants and payees that, in July 2011, a computer at a Virginia TSP center was infiltrated by a "sophisticated cyberattack."
The unknown attackers accessed files storing the names, addresses and Social Security numbers of 43,587 individuals, the FRTIB said; some of the files also included financial account numbers and routing numbers, putting those affected at serious risk of fraud and identity theft.
[How You're Putting Your Company at Risk for a Data Breach]
A separate group of 79,614 TSP payment recipients had their Social Security numbers accessed, but not their names.
In April 2012, nine months after the incident, the FBI informed the FRTIB of the attack. In its May 25 advisory, the FRTIB said it immediately shut down the compromised TSP computer and formed a response team to conduct a "systemwide review of all computer security procedures."
FRTIB external affairs director Kim Weaver told SecurityNewsDaily the TSP alerted affected members as soon as the FBI notified it of the breach.
According to the TSP, there is "no reason to believe" that any of the accessed members' financial data was misused.
Despite the assurance from the hacked company, several of the members whose accounts were breached criticized the TSP for not disclosing the details at the time of the incident, nearly a year ago.
"I am past furious," TSP member Rosalyn Linker told the Federal Times. "I don't care that TSP got hacked, I care that it took us 10 months to find out. Who knows that someone's been doing with my Social Security number for 10 months?"
This article was updated by Security News Daily at 12:50 p.m. ET Tuesday.
- Computer Worms: What They Are and How to Stop Them
- Hackers Claim Attacks on Warner Bros., China Telecom
- Top 10 Identity Theft Protection Services
Copyright 2012 SecurityNewsDaily, a TechMediaNetwork company. All rights reserved. This material may not be published, broadcast, rewritten or redistributed.
