Inside the TSP hack job

On or about July 2011, somebody (an individual, an organized group, a foreign government?) hacked into a computer belonging to a contractor that works for the Federal Thrift Investment Board. The board manages the Thrift Savings Plan, the federal 401(k)-style plan. The plan operates the accounts of 4.5 million current, retired and former federal workers and military personnel. Those accounts include everybody from your favorite letter carrier or forest ranger to your neighbor who may be with the CIA. Or FBI.

The FBI discovered the hack attack and notified the TSP’s contractor in April of this year; the contractor notified the board. On May 25, the board sent out letters to 123,000 employees whose data was hacked. The names, addresses and Social Security numbers of about 43,000 TSP participants were compromised, as were the Social Security numbers and TSP-related information of about 80,000 others.

Naturally, TSP account holders have lots of questions. On yesterday’s Your Turn radio show, we had a chance to talk with Greg Long, the executive director of the board. The full interview is archived on our home page so you can listen anytime. There is also a Q&A posted by the board that should answer most of your questions. Meantime, here’s a thumbnail sketch of what Long had to say yesterday:

  • No news is good news. If you haven’t gotten a letter from the board it means your data was not hacked. Long said that fewer than 3 percent of the TSP account data was compromised.
  • Nobody has lost any money. Long said although the break-in occurred last July there is no indication that there has been any related account activity.
  • All of the 123,000 accounts where data was stored were on one computer maintained by a private vendor who runs the TSP program.
  • In about 80,000 of the 123,000 accounts, only Social Security numbers were exposed, but no names, addresses or bank account information.
  • In about 43,000 of the 123,000 accounts, hacked data included names, addresses and Social Security numbers. A smaller group of the 43,000 also had bank routing numbers, belonging to people getting payments from the TSP, exposed.
  • The full year of credit monitoring and protection is free to participants.
  • The FBI is handling the investigation and it controls the timeline for any further release of information.

Stay tuned.



By Jack Moore

Standing on the side of the road with outstretched thumb became the universal symbol for hitch-hiking in the 1920s, Slate reports. The first time the term hitch-hike appeared in print was in 1923 in The Nation.


In the federal pay debate, 1 + 1 doesn’t always equal 2
Researchers are struggling to agree on the best method for comparing public and private sector compensation. Some analysts say the use of differing methods results in wildly varied conclusions.

TSP executive director gives update on data breach
It’s been nearly three weeks since the Thrift Savings Plan board announced a data breach of 123,000 TSP accounts, and since then, the board has been fielding questions from participants, Congress and the media. One of the most common questions: Is my account safe?

Lieberman, Collins warn against slashing acquisition workforce
The two influential senators say the mistakes the Defense Department and others made in the 1990s during the last serious budget reductions can’t be repeated this time around.

VA launches virtual hiring event for veterans
The Department of Veterans Affairs is taking its jobs fair to Detroit later this month – Just don’t call it a jobs fair. VA calls it a hiring event, because employers will be equipped to make job offers on site. And it won’t be accessible only in Detroit June 25-29. But servicemembers at five bases will have virtual access.

Inside the World’s Biggest Buyer
Federal News Radio’s week-long special report, Inside the World’s Biggest Buyer, takes a look at acquisition from every perspective: agency, industry, workforce, oversight, and suspension and debarment.