TSP Retirement Fraud–Key Logging
Posted by Nu on 17 Jan 2007 at 7:57 pm
A couple of weeks ago, we told you how and why you should lock down your retirement account so that your
retirement isn’t cleaned out.
Another break-in and theft, this time with US Government retirement accounts (401Ks), has been made public,
though not widely reported. I expect that this case will get more press shortly, and there are a couple of lessons here as well.
The Government’s Thrift Savings Plan (TSP) has been broken into, and
several customers have had money removed, in the amount of about $35,000, according to the site. Apparently, the hacker downloaded a keylogger to some participants’ computers. This is important because it seems that the fraudster didn’t use a device, but software (rootkit?) to intercept the passwords.
It is also clear from the notice that the TSP accepts NO responsibility for anything that happens to customers’ accounts if they have computer access to the site and they have a fraud-related loss. I checked, and there is no way to disable the ability to withdraw money for non-retirees’ accounts. Either you have full computer access along with potential fraudsters, or you don’t.
There are a couple of lessons here:
- Some companies haven’t yet learned to balance online security with user needs in a reasonable way. Unfortunately, the Government employees (like employees of any company retirement plan) can’t choose their plan administrator.
- You are at risk to some extent if your account is accessible online.
- You need to be maximally protected from people surreptitiously installing bad stuff (rootkits, viruses, trojans, spyware and other malware) on your PC. The costs for not doing so can be high.
- Your list of protections should include (this could easily be several posts, but I expect there are a million sites covering this already):
  - Up-to-date and active antivirus protection. Government employees have free access to anti-virus software from Norton. There are also several free sources out there.
  - A software firewall (which now ships with MS Windows, though there are several others that are good; Black Ice comes immediately to mind).
  - A hardware firewall, such as Linksys, NetGear or Zyxel. These typically include a wireless connection for about $50 (as of January 2006). Make sure you secure that connection.
  - A spyware checker/remover. AdAware SE (free) is the way to go.
  - Keep your operating system and network-aware applications up to date. This means keeping “autoupdate” on for Windows XP, your browser (which should be Firefox), and chat applications.
Well done!