The Federal Retirement Thrift Investment Board (FRTIB) announced today that a computer belonging to Serco Inc, suffered a sophisticated cyber attack that resulted in the unauthorized access of personal information of approximately 123,000 TSP participants or other recipients of TSP payments.
Serco is a third party service provider, and the FBI informed the FRTIB and Serco of the incident in April 2012.
The good news for TSP participants is that there is no evidence at this time that any of the personal data were misused.
Serco and the FRTIB have taken the following steps to address the situation:
- An immediate shutdown of the compromised computer
- Formed a response team that is conducting a systemwide review of all computer security procedures
- Enhanced IT security
A call center has also been established to provide support and offer services such as credit monitoring for affected individuals. Notification letters are in the process of being sent out to any individuals that may have been affected. The FRTIB will also place alerts on impacted TSP accounts as a precautionary measure.
Greg Long, Executive Director of the FRTIB said, “We sincerely regret that this event occurred and we will provide assistance and support to the affected individuals through a call center and credit monitoring. We are working with Serco and other security experts to ensure that the TSP data is protected and secure. We are proud of our service to our participants and beneficiaries and want to continue to earn their trust.
According to data provided by the FBI, 123,201 individuals were potentially affected based on files containing varying combinations of personal data. The names, address and Social Security numbers of 43,587 individuals were in the files. In some cases, this group of data included financial account numbers and routing numbers. Another group of 79,614 individuals had their Social Security number and some information related to the TSP taken.