Social security numbers and other personal data for 123,000 Thrift Savings Plan account holders were stolen from a contractor’s computer last year, a TSP spokeswoman said Friday.
Names, addresses, and financial account and routing numbers of some accounts were also compromised.
Kim Weaver, spokeswoman for the Federal Retirement Thrift Investment Board, which manages the TSP program, said the hacking incident targeted a computer operated by contractor Serco Inc., which provides record-keeping services for 4.5 million federal employees, service members and beneficiaries with TSP accounts.
“It was a sophisticated attack that overcame the defenses [Serco] had in place,” Weaver said.
Weaver said both TSP and Serco have enhanced their cybersecurity. “We have monitored our TSP accounts, [and] we have no reason to believe that the data was misused in any way.”
The attack occurred in July, but the Federal Retirement Thrift Investment Board and Serco were not aware of it until they were notified last month by the FBI, Weaver said. The infected computer was immediately shut down and the security of all TSP and Serco systems was reviewed.
FBI spokeswoman Jacqueline Maguire said because the investigation is ongoing she could not say when the FBI knew about the attack or why it took nearly a year to notify TSP officials and Serco.
The Federal Retirement Thrift Investment Board notified affected TSP account holders Friday and detailed in a letter how to connect with a call center for support and services, including free credit monitoring. Account holders were not notified until the board determined who was affected.