The TSP disclosed last week that a hacker in July 2011 gained access to social security numbers and other personal information of 123,201 TSP participants and payees located on a computer belonging to Serco, a third party service provider used to support the plan.
In April 2012, the Federal Retirement Thrift Investment Board (FRTIB) and Serco were informed of the breach by the FBI. The TSP was informed immediately about the breach by Serco.
The FRTIB stressed that there is “no indication that any of these data have been misused.” Notification letters were sent to those affected by the breach.
Sen. Collins, who is the highest ranking Republican on the Senate Homeland Security and Government Affairs Committee and an author of the Cybersecurity Act, sent a letter to the TSP asking for an explanation of why it took so long to notify Congress and TSP participants about the breach, according to a report by the Washington Post. “I want to assess the process and timeframe whereby this attack was discovered and addressed”, Collins said in the letter.
A TSP spokeswoman told the newspaper that the TSP needed time to analyze the information provided by the FBI and match it against TSP accounts to determine who was affected by the breach. The FBI has declined to comment on when the breach was detected, noted the report.
The analysis revealed that the names, addresses, and social security numbers, and in some cases bank account and routing numbers, of 43,587 individuals were accessed, and the social security numbers and some TSP-related information of another 79,614 individuals were taken by the hacker.