The personal information of about 769,000 retired CalPERS members was exposed in a third-party data breach reported earlier this month. CalSTRS said 415,000 of its members and beneficiaries were affected by the breach. CalPERS, the California Public Employee Retirement System, is the largest public retirement fund in the country. It serves more than 2 million members in its pension scheme and more than 1.5 million in its wellness programme. CalSTRS, the California State Teachers Retirement System, is the second largest public retirement fund in the United States and the largest teacher retirement system. It serves more than 947,000 members. CalPERS first said in a statement Wednesday that its third-party vendor, PBI Research Services, notified the agency on June 6 of a vulnerability in the MOVEit Transfer app that has since been fixed. PBI CalPERS helps identify member deaths and ensure that the correct payments go to retirees and their beneficiaries. CalPERS said the app vulnerability allowed data such as first and last names, date of birth, and Social Security numbers to be downloaded by an unauthorized third party. It was also possible to access the names of individuals’ family members. CalPERS said the breach did not affect its information systems, myCalPERS, or active members. It also does not affect members’ monthly interest payments. But besides retired members and their families, the breach could also have affected inactive members who quickly become eligible for benefits, Calpers said. PBI said in a statement that it identified the vulnerability “at the end of May” and that it was “actively exploited by cybercriminals.” “PBI promptly patched its instance of MOVEit, assembled a team of cybersecurity and privacy professionals, notified federal law enforcement and contacted potentially affected customers,” PBI said. “The cybercriminals were unable to access other PBI systems – only the MOVEit administrative portal subject to the vulnerability was accessed. PBI works directly with affected customers to identify affected consumers and develop notification plans.” The US Department of Energy and other federal agencies were hacked, Kalpers said, along with more than 9 million drivers in Oregon and Louisiana, Johns Hopkins University, the accounting firm Ernst & Young, the BBC and British Airways. CalPERS said Thursday it will start sending letters to affected members about the breach and will offer them free Experian credit monitoring for two years. It was not immediately clear if CalPERS had received reports of fraud in connection with the breach. KCRA3 also asks why the agency waited until this week to announce the breach. We should have known. We should have been able to check our accounts,” said Randy Chick, legislative director of the California Retired Public Employees Association. . The Associated Press reports that the criminal gang Cl0p, which is believed to be responsible for the hack, is extorting victims. CalPERS members may email questions about the breach to [email protected] or call 833-919-4735 Monday through Friday from 6 a.m. to 8 p.m. or Saturday and Sunday from 8 a.m. to 5 p.m. , is creating new protocols for myCalPERS and guarantees for those who use the call center or who visit a regional office. “This external breach of information is inexcusable,” CalPERS CEO Marcy Frost said in a statement. “Our members deserve better. As soon as we learned what happened, we took swift action to protect the financial interests of our members, as well as steps to ensure long-term protection.” On Thursday, CalSTRS confirmed it had also been affected when asked by KCRA 3. The system said it was informed on June 4 that PBI systems have been exploited. On June 8, it was told that the breach contained personal information of some of its members. “This incident did not involve unauthorized access to the CalSTRS network,” CalSTRS said. “CalSTRS is working with PBI to identify CalSTRS members whose information was involved in a PBI incident. CalSTRS will provide notice to any members and beneficiaries whose personal information was involved in accordance with applicable law.” CalSTRS said, in an email Friday, that the names, Social Security numbers, dates of birth and zip codes of 415,000 members and recipients of the breach have been released. A letter has been sent to those affected outlining the resources available to help protect private information. “CalSTRS is evaluating the relationship with PBI Research Services and the security measures in place,” the agency said. “PBI has informed CalSTRS that it has applied the recommended patches to its file transfer system and has taken recommended mitigation steps. CalSTRS continues to work to ensure that all of our service providers implement security measures that protect our members’ information.”
The personal information of approximately 769,000 retired CalPERS members was disclosed third party data breach which was reported earlier this month. CalSTRS said 415,000 of its members and beneficiaries were affected by the breach.
CalPERS, the California Public Employees Retirement System, is the largest public retirement fund in the country. It serves more than 2 million members in its pension scheme and more than 1.5 million in its health programme.
CalSTRS, the California State Teachers Retirement System, is the second largest public retirement fund in the United States and the largest teacher retirement system. It serves more than 947,000 members.
CalPERS first said in a statement Wednesday that its third-party vendor, PBI Research Services, notified the agency on June 6 of a vulnerability in the MOVEit Transfer app that has since been fixed.
PBI CalPERS helps identify member deaths and ensure that the correct payments go to retirees and their beneficiaries.
CalPERS said the app vulnerability allowed data such as first and last names, date of birth, and Social Security numbers to be downloaded by an unauthorized third party. It was also possible to access the names of individuals’ family members.
CalPERS said the breach did not affect its information systems, myCalPERS, or active members. It also does not affect members’ monthly interest payments.
But besides retired members and their families, the breach could also have affected inactive members who quickly become eligible for benefits, Calpers said.
PBI said in a statement that it identified the vulnerability “at the end of May” and that it was “actively exploited by cybercriminals.”
“PBI promptly patched its instance of MOVEit, assembled a team of cybersecurity and privacy professionals, notified federal law enforcement and contacted potentially affected customers,” PBI said. “The cybercriminals had no access to other PBI systems – only the vulnerable MOVEit administrative portal was accessed. PBI works directly with affected customers to identify affected consumers and develop notification plans.”
Calpers said thousands of other organizations were also affected by the breach.
According to the Associated Press, the US Department of Energy and other federal agencies were at risk, along with more than 9 million drivers in Oregon and Louisiana, Johns Hopkins University, accounting firm Ernst & Young, the BBC and British Airways.
CalPERS said Thursday it will start sending letters to affected members about the breach and will offer them free Experian credit monitoring for two years.
It was not immediately clear if CalPERS had received reports of fraud in connection with the breach. KCRA3 also asks why the agency waited until this week to announce the breach.
We should have known. We should have been able to check our accounts,” said Randy Chick, legislative director of the California Retired Public Employees Association. .
The Associated Press reports that the criminal gang Cl0p, which is believed to be responsible for the hack, is extorting victims.
CalPERS members may email questions about the breach to [email protected] or call 833-919-4735 Monday through Friday from 6 a.m. to 8 p.m. or Saturday and Sunday from 8 a.m. to 5 p.m.
CalPERS said that in response to the breach, it is making new protocols for myCalPERS and safeguards for those who use the call center or who visit a regional office.
“This external breach of information is inexcusable,” CalPERS CEO Marcy Frost said in a statement. “Our members deserve better. As soon as we became aware of what had happened, we took swift action to protect the financial interests of our members, as well as steps to ensure long-term protection.”
On Thursday, CalSTRS confirmed it had also been affected when asked by KCRA 3. The system said it was notified on June 4 that PBI systems had been exploited. On June 8, it was told that the breach contained personal information of some of its members.
“This incident did not involve unauthorized access to the CalSTRS network,” CalSTRS said. “CalSTRS is working with PBI to identify CalSTRS members whose information was involved in a PBI incident. CalSTRS will provide notice to any members and beneficiaries whose personal information was involved in accordance with applicable law.”
CalSTRS, in an email Friday, said the names, Social Security numbers, dates of birth and zip codes of 415,000 members and their beneficiaries have been released due to the breach. A letter has been sent to those affected outlining the resources available to help protect private information.
“CalSTRS is evaluating the relationship with PBI Research Services and the security measures in place,” the agency said. “PBI has informed CalSTRS that it has applied the recommended patches to its file transfer system and has taken recommended mitigation steps. CalSTRS continues to work to ensure that all of our service providers implement security measures that protect our members’ information.”
More Stories
Bank of Japan decision, China PMI, Samsung earnings
Dow Jones Futures: Microsoft, MetaEngs Outperform; Robinhood Dives, Cryptocurrency Plays Slip
Strategist explains why investors should buy Mag 7 ‘now’