Serco: 'Sophisticated' Attack On U.S. Govt. Pension Plan Nets Info On 123k

Type threatpost
Reporter Chris Brook
Modified 2013-04-17T16:32:10


Serco Inc., a well-known contractor working with the U.S. government, announced that it was the target of a sophisticated attack that exposed data on 123,000 civil employees of the Federal government and their families, including names, addresses and social security numbers taken from the company’s system.

According to a press release issued Friday, the “sophisticated” breach occurred in April and affected a computer used by the company to support the Federal Retirement Thrift Investment Board, an executive branch agency. About 43,000 retirees who use the company’s Thrift Savings Plan (TSP), a kind of 401k for government employees, had their names, addresses and Social Security Numbers compromised. Around 80,000 other users may have just had their Social Security Numbers compromised, Serco said.

The company called the attack “sophisticated.” It said it was informed of the compromised system by the FBI and that the attack “fits with the increasing number of cyber attacks in which the goal of those seeking unauthorized access does not appear to include identity theft or financial misappropriation.”

Serco Inc., based in Reston, Virginia, is the U.S. subsidiary of Serco Group, plc. Serco provides professional and technology services to the federal government and ranks as one of the Top 30 largest Federal Prime Contractors, with approximately 9,000 employees and annual revenue of $1.4 billion.

The attack “is an unfortunate reminder that Federal government and private company IT assets, computers and data are under pervasive, sophisticated attack,” Serco said in a statement.

Serco said that a forensic analysis of the data doesn’t suggest that the TSP network was compromised. Lacking evidence that the data stolen is being used identity theft scams, the company says it will provide support and offer fraud consultation, restoration and alert services, along with credit counseling, to customers who were victims, according to the release.

Millions of retirees were implicated in a similar breach last year after the Texas Comptroller’s Office leaked users’ social security numbers and driver’s license numbers.