14 DAY TRIAL // Data breaches have become more and more common in the past few years and if most companies are capable of handling the effects of such incidents, there are some that appear to be failing at the task. Such is the case of the Thrift Savings Plan (TSP), which alerted customers only 10 months after hackers gained unauthorized access to their systems.
According to Federal Times, back in July 2011, the hackers extracted social security numbers and other private data belonging to 123,201 individuals from a Virginia TSP data center managed by Serco Inc.
Even though the Federal Retirement Thrift Investment Board (FRTIB) claims that there is no sign of information misuse, many of TSP’s customers are thinking of leaving the organization. However, FRTIB representatives have an explanation as to why participants haven’t been notified sooner.
They state that at the time of the breach there were around 4.5 million records stored on a computer located at the data center, so they kept everything a secret until they could determine the exact number of potential victims.
“That would be a nice way to scare ... 4 million people,” said Kim Weaver, FRTIB external affairs director.
“It was not a good thing, and we're not happy about it. But it's 2 percent of our population [that was affected]. To scare all of them would not be a smart move, in our estimation.”
Weaver reveals that even the FRTIB and Serco have learned of the breach only on April 11 when they were notified by the FBI. On May 25, both customers and Congress have been made aware of the incident.
After hearing the news, some lawmakers have publicly stated their disappointment regarding the way everything has been handled.
One of them is Sen. Susan Collins, who sent letters to both the FBI and FRTIB requesting further clarifications on why Congress was told so late.