BreachExchange mailing list archives

Previous By Date Next
Previous By Thread Next

Information of U.S. federal employees exposed

From: security curmudgeon <jericho () attrition org>
Date: Tue, 29 May 2012 03:22:54 -0500 (CDT)


---------- Forwarded message ----------
From: InfoSec News <alerts () infosecnews org>

https://www.computerworld.com/s/article/9227519/Information_of_U.S._federal_employees_exposed

By John Ribeiro
IDG News Service
May 28, 2012

A hack in July last year of a computer used by third-party services 
provider Serco to support the Thrift Savings Plan run by the U.S. Federal 
Retirement Thrift Investment Board resulted in unauthorized access to the 
personal information of about 123,201 TSP participants and payees, FRTIB 
said Friday.

Serco and FRTIB were alerted in April by the Federal Bureau of 
Investigation that one of the computers used to service TSP had been the 
victim of unauthorized access. Besides shutting down the computer, FRTIB 
and Serco did forensic analysis to determine which people were affected, 
and enhanced the security, FRTIB and Serco said in separate statements. 
Serco confirmed that its computer had been affected.

Several files with different combinations of data of the individuals were 
accessed, FRTIB said.A The names, addresses, and Social Security numbers 
of about 43,000 individuals were in the accessed files. In some cases, 
this group of data also included financial account numbers and routing 
numbers, it added.

Another group of about 80,000 people had their Social Security numbers and 
some TSP-related information accessed, but their name was not associated 
with the information, FRTIB said.

[...]
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://datalossdb.org/mailing_list

Supporters:

Risk Based Security (http://www.riskbasedsecurity.com/)
Risk Based Security equips organizations with security intelligence, risk
management services and on-demand security solutions to establish
customized risk-based programs to address information security and
compliance challenges. 

Tenable Network Security (http://www.tenable.com/)
Tenable Network Security provides a suite of solutions which unify real-time
vulnerability, event and compliance monitoring into a single, role-based, interface
for administrators, auditors and risk managers to evaluate, communicate and
report needed information for effective decision making and systems management.
Previous By Date Next
Previous By Thread Next

Current thread: