By
updated 6/5/2012 11:49:53 AM ET 2012-06-05T15:49:53

A network containing the confidential records of more than 120,000 federal employees was hacked last year, yet it took nearly 11 months for the breached company to notify those affected.

The Federal Times reported  that on May 25, the Federal Retirement Thrift Investment Board (FRTIB) which manages the Thrift Savings Plan (TSP), a retirement savings plan for federal employees, began notifying approximately 123,201 TSP participants and payees that, in July 2011, a computer at a Virginia TSP center was infiltrated by a "sophisticated cyberattack."

The unknown attackers accessed files storing the names, addresses and Social Security numbers of 43,587 individuals, the FRTIB said; some of the files also included financial account numbers and routing numbers, putting those affected at serious risk of fraud and identity theft.

[How You're Putting Your Company at Risk for a Data Breach]

A separate group of 79,614 TSP payment recipients had their Social Security numbers accessed, but not their names.

In April 2012, nine months after the incident, the FBI informed the FRTIB of the attack. In its May 25 advisory, the FRTIB said it immediately shut down the compromised TSP computer and formed a response team to conduct a "systemwide review of all computer security procedures."

FRTIB external affairs director Kim Weaver told SecurityNewsDaily the TSP alerted affected members as soon as the FBI notified it of the breach.

According to the TSP, there is "no reason to believe" that any of the accessed members' financial data was misused.

Despite the assurance from the hacked company, several of the members whose accounts were breached criticized the TSP for not disclosing the details at the time of the incident, nearly a year ago.

"I am past furious," TSP member Rosalyn Linker told the Federal Times. "I don't care that TSP got hacked, I care that it took us 10 months to find out. Who knows that someone's been doing with my Social Security number  for 10 months?"

© 2012 SecurityNewsDaily. All rights reserved

Discuss:

Discussion comments

,

Most active discussions

  1. votes comments
  2. votes comments
  3. votes comments
  4. votes comments