TSP head expresses regret over cyberattack

Gregory Long, executive director of the Federal Retirement Thrift Investment Board. U.S. Senate committee for Homeland Security and Governmental Affairs

The head of the Thrift Savings Plan expressed regret on Tuesday over not having a policy in place earlier to notify participants of security breaches to their retirement accounts.

The Federal Retirement Thrift Investment Board implemented a breach notification plan in June, Gregory Long, the board’s executive director, said during a hearing on Capitol Hill. That was about two months after the board learned of a 2011 cyberattack that led to unauthorized access to the accounts of as many as 123,000 plan participants and other recipients of TSP plan payments.

Long blamed “a lack of resources” for the board’s inability to develop a plan to inform TSP participants of security breaches when they occur. “The past decade has been a time of dramatic expansion for the agency, in the number of participants, the dollars invested in the TSP and the services provided to our participants and beneficiaries,” he said. “This growth taxed the agency’s ability to complete all that needed to be done.”

The board and Serco Inc., the contractor that provides services to the TSP, took more than six weeks to determine which participants were affected by the July 2011 cyberattack on a Serco computer. Long said the board used 2007 guidance on cybersecurity from the Office of Management and Budget in responding to the security breach.

Sen. Daniel Akaka, D-Hawaii, said he was concerned the board did not have a breach notification policy when the agency learned about the cyberattack in April. Akaka, who chairs the Senate Homeland Security and Governmental Affairs federal workforce subcommittee, has asked the Government Accountability Office to determine how many other agencies have failed to incorporate OMB’s guidance and whether sufficient oversight of compliance exists. Akaka was one of 43 members of Congress who were affected by the security breach. He has offered an amendment to the 2012 Cybersecurity Act, which the Senate is considering Tuesday evening, that would make it mandatory for every federal agency to have a breach notification policy in place.

Akaka “hasn’t suffered any consequences thus far,” as a result of the cyberattack, his communications director, Jesse Broder Van Dyke, said by email. Broder Van Dyke also said the hearing on the topic and the senator’s amendment “were in the works” before he knew his personal information was improperly accessed along with other TSP enrollees.

The board administers individual accounts for more than 4.5 million federal and postal employees, members of the uniformed services, retirees, and spousal beneficiaries. As of June 30, the TSP held approximately $313 billion in retirement savings.

“I deeply regret the cyberattack and the concern that it caused our participants,” Long told lawmakers. “I want to take this opportunity to assure all our participants and beneficiaries that we will continue to pursue all new avenues of data and computer security to ensure the safety and security of their personal data and their retirement funds.”
