Hackers Make Off with $35,000 of TSP Participant Money

January 17, 2007 (PLANSPONSOR.com) - In spite of additional information security efforts announced last June by officials of the federal employees' Thrift Savings Plan (TSP), in late December hackers were able to make electronic transfers of $35,000 from participant accounts.

GOVEXEC.com reports c omputers of about 25 participants were infected with software that recorded their keystrokes and gave hackers their TSP personal identification numbers. Officials said the affected participants have been notified and they are working with the Secret Service to identify the hackers.

TSP Executive Director Gary Amelio urged participants to install programs on their computers to block spyware and remember to log off the TSP Web site when finished with any Internet transactions, according to GOVEXEC.com. Officials posted an announcement of the security breach on the Web site and a warning that only TSP participants can use the site.

TSP officials announced new security measures last June, including a switch to account numbers for online access rather than social security numbers (See TSP Takes New Measure to Enhance Data Security ), taken after a phishing e-mail was reported in March that directed participants to a bogus Web site and asked for personal information (See Scammers ‘Phish’ for TSP Participant Info ).

A survey of TSP participants conducted for the Federal Retirement Thrift Investment Board released on Wednesday found participants prefer using the Internet to access their accounts, with 49% saying they access their accounts online at home and 39% saying access them online at work (See Federal Workers Support Thrift Plan Changes ).