Thrift Savings Plan Officials Take Extra Precautions After Being Hacked

About 25 participants of Thrift Savings Plan bore theft of nearly $35,000 from their accounts. The administrators are therefore asking all its members to install updated security programs on their PCs.

The thefts happened in late December last year. They took place because people unwarily installed spying software on their computers, which they used to access their accounts. When the members keyed their personal identification numbers and other information on the TSP Web site the malicious software tracked the keystrokes. Those recording the users' behavior compiled them and sold to thieves who wired the money electronically from the members' accounts to fake bank accounts.

Officials holding the '401(K)-style retirement savings plan' for federal employees informed that they notified all affected participants of the theft. The illegal software infected computers of approximately two-dozen participants that enabled hackers to read their keystrokes and determine their TSP PINs.

The thrift board although discussed the issue on January 16, 2007 in a meeting but did not say how it discovered the illegal operation.

TSP officials have sought help from the Secret Service to locate the perpetrators. While speaking at the TSP Board meeting, executive director Gary Amelio advised participants to protect their computers with programs that would prevent spyware from entering the systems. He also asked them to log off the TSP Web site when not in use.

Amelio emphasized that there was no fault with the TSP systems itself. The TSP authorities announced two things on the Web site for the members to read before accessing their accounts. One related to the details of the security breach and the other related to a warning that no other person than a TSP member shall use the site. The second one was meant to crack down on hackers with stronger legal penalties.

After the discovery of the theft, TSP authorities temporarily stopped electronic transfers out of the plan as a protective measure. Amelio said that TSP has taken a number of other steps to enhance the Web site's security. One of them requires members to use account numbers to access their accounts instead of Social Security numbers.

» SPAMfighter News - 1/22/2007