The US government's Federal Retirement Thrift Investment Board has fallen victim to a sophisticated and massive cyber attack that resulted in the exposure of the PII (personally identifying information) of more than 120,000 participants in pensions administered by the Board. The individuals whose data was exposed were participants in the Thrift Savings Plan, which functions much in the manner of a 401k, allowing federal employees to save money in a private account that can be invested in stocks, bonds, or other types of investments. Members of both the armed forces and workers for the US Postal Service participate in the TSP.
The breach is believed to have occurred last summer, but in a shocking development with strong implications for businesses both small and large, it seems that it was not discovered until late April 2012. At that time, the FBI notified the Thrift Investment Board that a breach had occurred, with intrusions into the system taking place as far back as July 2011. At this time, it is not known why there was such an extensive time lag between the breach itself and public notification of the intrusion. Many cyber analysts believe that effective network monitoring would greatly reduce such a time lag.
Information that ended up compromised included the names, Social Security numbers, and addresses of plan participants. Such information is vital to be kept secure because it can enable hackers to commit identity theft, particularly if birth dates are also discovered. Another concern is that specific financial information was harvested by the hackers. This information included bank account routing numbers and other financial details.
A way to help prevent such unauthorized access to private data is to adopt a managed services model for IT support. This model is a form of outsourced IT and involves contracting with an outside IT company such as iCorps to provide remote services delivered through the internet. While companies of any size can benefit from a managed services approach, it is particularly important for small and medium-sized companies to consider this form of IT support.
Small and medium-sized companies often find themselves targeted by hackers precisely because such companies sometimes lack the monetary and personnel resources needed to mount a robust defense against those very hackers. Because a managed services model generally lowers IT security costs, it becomes an affordable way for small companies to protect their information assets including customer financial data.
Managed Services Related Posts: