Tom Shoop, GovExec editor-in-chief
The federal government has notified more than 100,000 employees about a cyber attack that may have compromised their personal information. The attack involved a computer of a government contractor Serco Inc., which helps administer the Thrift Savings Plan — a retirement program for government workers.
Tom Shoop, editor-in-chief of Government Executive discussed the attack with WAMU's Morning Edition host Matt McCleskey, and explains how the government is responding. Here are some highlights:
Reason why the federal employees are just now learning about the cyber attack: "It's not entirely clear at this point. The attack did occur last July – July of 2011. That’s when the FBI found out about it,” Shoop says. "And they investigated it for some time before informing the Thrift Savings Plan Board or Congress about what happened."
More on the attack itself and the level of sophistication: "As these things go, it wasn’t terribly sophisticated," Shoop says. "About 123,000 peoples' information was affected — 43,000 of them it was names, addresses and social security numbers. And another 79,000 it was social security numbers and some of their Thrift Savings Plan information."
On who would have a motive: "The interesting thing is, it doesn’t appear to be any indication yet that the information has been used to try to gain access to anyone’s financial information or to misuse that in some way," Shoop says. "So it's possible, some experts think, that it may be that the attackers weren’t out for financial gain, but were trying to gain access to a system that might give them information about other government agencies."
Government recommendation for those who may have been compromised: "The TSP Board is providing a one year of free credit monitoring for anyone whose information was affected," Shoop says. "So they’re advising people to check up on that and make sure that something hasn’t been compromised."
On what the government is doing to prevent another cyber attack: "Well there are ongoing efforts in the cyber-security area," Shoop says. "There was an incident last fall in which 4.9 million people had information accessed from Tri-Care — that’s the military’s health system. So it isn’t the first time. And it’s been difficult for agencies to stay ahead of these attacks."
How the government is working with federal contractors on this issue: "They’re definitely working hand-in-hand with the contactors," Shoop says. "And in this case they’ve launched an effort to try to figure out what happened. Apparently it was one computer and they’ve taken that offline and have now launched an investigation to try to determine exactly what happened and how it can be prevented in the future."