More than 123,000 Thrift Savings Plan accounts were hacked for personal information last summer, the Federal Retirement Thrift Investment Board announced last month. Although it seems like several companies have been experiencing security breaches recently, this one is unique in a few key ways.
First, this is one of the first major breaches of a non-private entity. Second, the cyber attack apparently began last July and no public announcement was made until last month. The compromised accounts were accessed through a third-party business, Serco, and although personally identifiable information was hacked, it doesn’t appear that there has been any misuse of the information.
If you’re one of the more than 120,000 government employees affected by the TSP hack, you should have already received a notification by mail. Even though it appears the information wasn’t hacked for identity theft, affected members can receive free credit-monitoring service for a year. The service is highly recommended to keep your information safe, as the long-term plan with the stolen information is still unknown.
The strange thing about the hack isn’t that personal information was stolen, but that the agency was unaware of the security breach until the FBI notified them nearly a year later. Obviously, compromised account holders are concerned that the agency trusted with their personal information and money was oblivious for so long.
Similarly, little information has been given to the public about why it took so long to find out about the hack as well as who appears to be responsible.
After the hack was discovered, the FRTIB completely shut down the hacked system, formed a response team to review system security and boosted security across the board. Additionally, the agency has placed the affected accounts on alert to monitor all future activity.
If you received the letter saying your account was compromised, definitely take advantage of the credit monitoring services but don’t worry about much beyond that. Between the alert on your account and credit monitoring services, any suspicious activity will be reported to you immediately to keep your information safe.