One senator is asking why it took nine months for the Thrift Savings Plan board to find out about a sophisticated cyber attack that compromised 123,000 TSP participants’ accounts. Sen. Susan Collins (R-Maine) also wants to know why Congress wasn’t informed of the breach until more than a month after it was reported to the board.
In a letter dated May 29 to FBI Director Robert Mueller, Collins asked when the FBI first became aware of the attack and whether another federal agency or department had discovered the breach first.
Collins is the ranking member of the Senate Homeland Security and Governmental Affairs Committee.
The FBI reported the breach in April of this year to the Federal Retirement Thrift Investment Board, which oversees the TSP. But the attack had occurred in July 2011.
A computer owned by Serco, Inc. — a contractor in Reston, Va., that runs the TSP’s data centers and maintains the TSP record-keeping system — had been hacked, revealing personal information of about 43,000 accounts and compromising another 80,000 accounts. The TSP overall has about 4.5 million accounts and total assets of about $313 billion.
Collins also wrote a letter to Greg Long, FRTIB executive director, asking for details of the steps the board took to inform TSP participants of the breach and how the board will improve how it notifies Congress in future cases.
As previously reported by Federal News Radio, Serco shut down the compromised computer once it was informed of the attack and, with FRTIB, launched a task force to review security procedures.
FRTIB has also established a call center to provide credit monitoring for TSP participants and will flag all affected TSP accounts for heightened security measures.