The Fraud Blog with Tracy Kitten

Why Did Hackers Hit the Fed Pension Plan?

Senator Demands Answers About Thrift Savings Plan Breach
Why Did Hackers Hit the Fed Pension Plan?

More questions are surfacing about the data breach that targeted the Federal Retirement Thrift Investment Board's Thrift Savings Plan in what the Federal Bureau of Investigation portrays as a sophisticated cyber-attack.

See Also: Webinar | Beyond Managed Security Services: SOC-as-a-Service for Financial Institutions

News of the attack, which may have exposed personally identifiable information on as many as 123,000 pension participants, was made public May 25.

Some observers speculate that this so-called sophisticated attack is linked to a much larger cyberscheme targeting federal employees and agencies. 

The board says it was notified by the FBI of the breach in mid-April, but it needed time to analyze and review the breach before it could make any notifications.

But it's not the April-to-May gap that concerns me the most - it's the gap between July 2011, when the FBI says the breach occurred, and the FBI's notification of the board in April.

Why did it take the FBI so long to notify the board, assuming it discovered the breach last summer? Or did the breach go undiscovered for many months? And why did the FBI discover the breach and not the TSP?

Some observers speculate that this so-called sophisticated attack is linked to a much larger cyberscheme targeting federal employees and agencies. And now a senator is seeking some answers to important questions.

What We Know

The TSP is a retirement savings plan, similar to a 401(k), for federal employees in all branches of government, the U.S. Postal Service and members of the uniformed services.

According to the May 25 statement issued by the TSP, the FBI, after extensive expert analysis of the breach, determined that a computer of Serco, a third-party service provider to the board, had been hacked in July of last year, which resulted in the exposure of data about pension participants.

In some cases, names, addresses and Social Security numbers were exposed. In others, financial details and account routing numbers also were exposed. And for others, only Social Security numbers and TSP-related information was leaked.

The board says it has no evidence that the exposed information was misused for financial gain. But perhaps that's because the hack was not waged for monetary gain.

So what were the hackers after?

David Land, an IT security expert and former Cyber Counterintelligence Officer for the Oak Ridge National Laboratory and the U.S. Department of Energy, suggests the attack was waged for intelligence.

"Were I to guess, this was likely a foreign-state-sponsored effort to gain intelligence and potential targeting information," Land says. Many of the federal employees and service members hit by the breach probably have security clearance to sensitive and classified information.

Congressional Inquiry

This week, Sen. Susan Collins, R-Maine, ranking member of the Senate Homeland Security and Governmental Affairs Committee, sent a letter to the board posing important questions and demanding answers by June 5. Among her questions:

  • When did the FBI discovered the attack?
  • Was the FBI the first federal entity to discover the attack?
  • Did the FBI provide the TSP with an explanation for the delay, if any, between the time the attack was discovered and the time it notified the Federal Retirement Thrift Investment Board?
  • Why did the FBI not directly notify Congress?

Collins also is asking how the FBI discovered the attack and identified the data that had been breached.

I wonder, too. Did the FBI limit its notification because it suspects some internal governmental breach? How many responses can we actually expect the board to provide to Collins? And will those answers be promptly made public? Stay tuned.



About the Author

Tracy Kitten

Tracy Kitten

Director of Global Events Content and Executive Editor, BankInfoSecurity & CUInfoSecurity

Kitten was director of global events content and an executive editor at ISMG. A veteran journalist with more than 20 years' experience, she covered the financial sector for 10+ years. Before joining Information Security Media Group in 2010, she covered the financial self-service industry as the senior editor of ATMmarketplace, part of Networld Media. Kitten has been a regular speaker at domestic and international conferences, and was the keynote at ATMIA's U.S. and Canadian conferences in 2009. She has been quoted by CNN.com, ABC News, Bankrate.com and MSN Money.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing cuinfosecurity.com, you agree to our use of cookies.