Kirk Nahra Comments on Pension Hack Exposing 123,000 Accounts
Privacy Practice chair Kirk Nahra was interviewed by BankInfoSecurity.com for a story on a sophisticated cyberattack in the summer of 2011 that was aimed at a computer linked to the Federal Retirement Thrift Investment Board's Thrift Savings Plan. The attack on the retirement savings plan is reported to have exposed personal information on as many as 123,000 pension participants.
The article reported that "the incident resulted in unauthorized access to information about TSP participants and payees. In some cases, names, addresses and Social Security numbers were exposed. In others, financial details and account routing numbers also were exposed. And for others, only Social Security numbers and TSP-related information was leaked."
Mr. Nahra said the breach should have been detected much sooner. "The fact that they are just finding it, nearly a year later, means they didn't do a good job of monitoring their systems," said Mr. Nahra. "This points out a need to do a better job on that end, by catching some of these compromises faster. We can't stop them, but we can be faster to react."
Mr. Nahra added that the incident highlights why storing or transmitting Social Security numbers can be a bad idea: "Anytime you have a Social Security number involved in a breach, the potential implications for damage are higher." He also suggested that organizations "should be paying a lot of attention to what information they have and what they do with it, especially when outside vendors are involved."