Is a Foreign Country Building a Database of Federal Employees' Data?

By on May 30, 2012 in Current Events with 36 Comments

Recent reports are suggesting that the data breach of the TSP that left the personal information of approximately 123,000 federal employees exposed may go deeper than it would seem on the surface.

The Federal Retirement Thrift Investment Board (FRTIB) said that there is no evidence to suggest that the hackers responsible for the breach were misusing or disclosing the data to other parties.

However, Nextgov Senior Correspondent Aliya Sternstein reports in a recent article that there is evidence to suggest that another country might be building a database of US government employees.

Sternstein quoted cybersecurity analyst James Lewis, who advises Congress and the Obama administration, who said he has the impression that, “At least one smart country is building a data base on [U.S. government] employees, using things like TSP and social networks” and said also, “It’s hard to believe they [the perpetrators] didn’t go after any money.”

Sternstein also noted that the full extent of the data breach may not be known for a while because if the data were to be sold on the black market, it could potentially take months for the information to work its way through the system.

The Federal Times reported that Senator Susan Collins (R-ME) asked the FBI and the FRTIB why it took them so long to report the breach. Many users who are TSP participants wanted to know the same thing.

According to the Federal Times article, FRTIB external affairs director Kim Weaver said that at first, the data were unreadable and it took some time to decipher them and detect a breach. The FRTIB also wanted to be sure it knew exactly who was affected so it could inform just those individuals rather than prematurely and needlessly frightening every TSP participant.

As more information becomes available we will continue to keep you updated.

© 2016 Ian Smith. All rights reserved. This article may not be reproduced without express written consent from Ian Smith.


About the Author

Ian Smith is one of the co-founders of He enjoys writing about current topics that affect the federal workforce. Ian also has a background in web development and does the technical work for the web site and its sibling sites.

Post a Reply

Your email address will not be published. Required fields are marked *

36 Replies

Comments RSS

  1. Cindyl541 says:

    You’re all paranoid. Put your money in a mattress if you’re worried. It’s safer there anyway. If you’ve got anything else to hide, you get what you deserve, as do I.  

  2. SteveW says:

    Whenever a news article appears in the mainstream press and it discusses illegal and criminal activity, especially of an espionage or financial flavor, and they refer to the offender as some unidentified ‘foreign nation’ – then there is a 99.99% probability that the nation is Israel.  

    This habit of the mainstream news media to discuss the facts surrounding a given incident that have been uncovered, but play this coy little game of referring to the perpetrators as an ‘unidentified, or unspecified foreign nation’ really isn’t fooling anyone who has an IQ above room temperature – so, why not just report the truth? 

  3. Average American says:

    There is so much data available on the internet these days it is getting to be a concern. Just thinking out loud, but “what if” a foreign nation did want to find out which ‘Federal Employees” were having financial trouble, or credit issues. If they could do that over the net, it sure would make it easy for them to “select”  and “harvest’ a list of potential people to contact and recruit in an effort to pay for espionage secrets.  In the old days spies would try to get folks into compromising positions so they could blackmail them. Maybe now they just check their financials out on the internet, to see who might be receptive to bribes. 

  4. say what??? says:

    What is SERCO. the third party contractor, supposedly doing for TSP??????

  5. guest says:

    I found an interesting post concerning Sarco….the 3rd party contractor that had the computer hacker that got TSP account and other private info…check this out

  6. Bess144 says:

    I would like to know what criteria the hacker used to select the accounts which were breached.  If it was only 2% of the total TSP participants, there might have been a common characteristic in those accounts.  I was one of them.

  7. fed up fed says:

    123,000 people will get  the letter that TSP will not release.  How many copies of this letter end up on the interent within the first day?  hidng infomration is never good and will cause even more peole to call the phone number on the letter.

  8. Guest says:

    Who are they kidding…..they have already “frightened every TSP participant”…..what a ridiculous response by the FRTIB.

  9. Retired Fed says:

    I am sure glad I retired this year and reinvested my TSP funds.

  10. Average American says:

    Let me get this right! So the TSP did not tell us about the data breach (for a very long time) because they did not want to unnecessarily “frighten” those in TSP not impacted by it. But, they don’t really know who all was impacted since the data was unreadable when first obtained? So they waited until what! Sounds like “big brother” making decisions for us again since we can’t be trusted on our own to decide to take reasonable action to protect our other accounts and data. I don’t like my ability to make decisions (based even on partial data) being usurped by others with better access to that data that impacts, or may impact, me. 

    Has anyone coordinated with the credit bureaus to determine if this “hacked” data has been used to do anything with the impacted TSP investors credit ratings or data contained in those files?  Someone said they had a problem with their credit card. I have has a recent problem with a home insurance rate which suddenly increased by $1,000 dollars a year. When I called on it, they said it went up due to to a credit issue. The thing is- I have excellent credit and guard it carefully, and even have life-lock, just to be safe.  

    Somebody needs to get their act together.

    • Old Fed says:

      This is not all TSP’s fault. The FBI knew about the breach a year ago and failed to inform TSP until the middle of April. They sent a file to TSP which was unformatted and contained strings of numbers. The data included account numbers, SSNs, etc., with no way to distinguish one data field from another. It took TSP about 3 weeks to decipher this data file. As soon as they did, they notified participants. It’s the FBI that should be answering these questions, rather than TSP.

      • RETVET03 says:

        The FBI is not responsible for originally securing the data.  And I’d be willing to bet that “unformatted file” was nothing more than a file in CSV format or perhaps a chunk of an excel file (or some other spreadsheet format).  I doubt it would take forensic data experts at the FBI or ones hired by TSP three weeks to “decipher” the file.  I would make an educated guess that the “decipher” statement is nothing more than a PR ploy to establish either plausible deniability or to obfuscate some other facts.

      • Average American says:

        So the FBI is incompetent, and the TSP mishandled the whole matter. None of that justifies not adapting to the modern internet world and keeping data secure. When there is a “breach” it needs to be addressed carefully and promptly. I am not putting all the blame on TSP, but they do have an obligation to protect participants data. Unfortunately, there is entirely too much of this identity and credit card fraud going on. 

  11. report please says:

    We need official information.   

  12. report please says:

    Still waiting for details on how it happened, how much it will cost us, and how it will be prevented in the future.   

  13. Vicarz says:

    I’m not thrilled by the prospect, but after all the nutjobs accusing us of having a vast conspiracy – it’ll be just great to point out that we’re actually the _victims_ of a vast conspiracy!

  14. Steve says:

    Here’s a tip for everyone who still has their heads stuck in a hole in the ground.

    Whenever we see a news article of this type, where some dastardly deed – espionage for example,
    or in this case, computer hacking,  is uncovered – and the writer of the article uses the phrase ‘foreign country or nation’ or perhaps ‘an unspecified foreign nation’ or ‘unnamed foreign nation’ – this is being done for a reason.    Let me be precise:  The identify of the foreign nation who is suspected to be involved is not mentioned because the identity of that foreign nation is very likely one particular nation in the Middle East who has a long and well documented history of spying and engaging in a whole host of nefarious activity against the United States.  This same foreign nation owns our entire US Congress as well as our White House.   This same foreign nation chooses who we get to vote for in every Presidential election.

    Need any more hints?   Okay, one more.    Do a google search on June 8, 1967 and see what major event happened on that particular day.  

  15. Bryan H says:

    i wonder if this “foreign country” would help us collect back taxes owed by so many federal employees.

  16. Postal51 says:

    Appriciate being given information about the hacking of tsp site and info. included. Hope to be informed as quickly as possible which country is building a database of US federal employees and the reason behind it. we need to be informed as US citizens and Federal employees on our funds and our information. We also need to be in the know on what is being done about this situation to protect us.

  17. lazycs says:

    The data base will be usefull if barak wins reelection and we become a 3rd word country. That way they will who can’t be trained to do sewing and other menial work

    • Debbielynnepaint says:

      Your ignorance is showing when you cannot even spell the President’s name correctly.

      • Retired Fed says:

         Being in a 3rd word country doesn’t help either. Unless we were hacked by a spelling bee contestant.

        • Fed Up! says:

          Please don’t insult intelligent school kids in the Nat’l Spelling Bee that work hard and know how to spell and write an intelligible sentence. Lazy can’t even read much less spell and write.  

          • Joe Hill says:

             “That way they will who can’t be trained to do sewing and other menial work”

            I think Lazy has been drinking an trolling.

      • Pdog134 says:

        Lazycs was just being himself.  S/he intentionally misspelled the President’s name.  S/he has no life apart from fed bashing and insulting the President; s/he’s not to be taken seriously.

      • Prairie Dog says:

        Ignore lazycs posts.  He has no life beyond bashing feds and the President.  He misspelled the President’s name intentionally, as an insult.

    • Michelle Scheffler says:

      Don’t you have anything better to do than post negative comments on these articles?  Looks like you don’t even have a job and are jealous of those who do.   Maybe you couldn’t get a Federal job or were fired from one?  It would be more productive to focus your anger on actual trouble makers instead of hard working civil servants.

      • Vicarz says:

        The fact that someone who is either unemployed, or is not working while employed, is the voice of the anti-government forces is indeed amusing and worth noting. 

        Taxpayer dollar recipients against the government unite and be heard! 

  18. Fed Up! says:

    Whats so hard about building a list of govt. employees when everyone’s job and salary have been posted on-line numerous times OPM, FS Cato, and others.  After all, when you’re the enemy of the American people everyone wants to put a target on you.   

    • tsilver says:

      I second that! Even simple personal information such as name, salary and your city makes it pretty easy to dig even further with a simple google search to derive your photos, family connections, a map to your house….Whoever thought it was good idea to post a list of names was crazy. Before it was severely unnerving but now its sounds potentially dangerous.

    • Rob Truman says:

      I concur, it would be nice if they would have used first name or last name initials.  In todays online enviorment it doesnt take much to start connecting the dots with other sources.

  19. James Estrada says:

    Why do we think it’s a foreign country?  How do we know it isn’t one of our fellow citizens who has it in for federal employees?

  20. Fed Peasant says:

    The complete facts & revelations may or may not come out as expected.  The contractors legal liability (profits) comes first over clients & national security.  Both the contractor & government officials will use the “national security” excuse to further impede the truth.  (classify it)  In about the year 2022, Rolling Stone magazine will write the full story on this.  In the next 10 years, the instances, of  illegal use, of this data will be denied by both the contractor & the government.  See the Rolling Stone in 2022 for that too. 

  21. Guest says:

    Let’s hear from the trustees!

  22. AFGEpres says:

    We certainly do not want anyone whose money might be at risk to hackers to be prematurely or needlesly frightened, do we?