The personal information of about 769,000 retired CalPERS members was exposed in a third-party data breach reported earlier this month. CalSTRS also said it was affected by the breach and KCRA 3 is trying to find out how many of its members were affected. CalPERS, the California Public Employees Retirement System, is the largest public retirement fund in the country. It serves more than 2 million members in its pension scheme and more than 1.5 million in its wellness programme. CalSTRS, the California State Teachers Retirement System, is the second largest public retirement fund in the United States and the largest teacher retirement system. It serves more than 947,000 members. CalPERS first said in a statement Wednesday that its third-party vendor, PBI Research Services, notified the agency on June 6 of a vulnerability in the MOVEit Transfer app that has since been fixed. PBI CalPERS helps identify member deaths and ensure that the correct payments go to retirees and their beneficiaries. CalPERS said the app vulnerability allowed data such as first name, last name, date of birth, and Social Security numbers to be downloaded by an unauthorized third party. It was also possible to access the names of individuals’ family members. CalPERS said the breach did not affect its information systems, myCalPERS, or active members. It also does not affect members’ monthly interest payments. But besides retired members and their families, the breach could also have affected inactive members who quickly become eligible for benefits, Calpers said. PBI said in a statement that it identified the vulnerability “at the end of May” and that it was “actively exploited by cybercriminals.” “PBI promptly patched its instance of MOVEit, assembled a team of cybersecurity and privacy professionals, notified federal law enforcement and contacted potentially affected customers,” PBI said. “The cybercriminals were unable to access other PBI systems – only the MOVEit administrative portal subject to the vulnerability was accessed. PBI works directly with affected customers to identify affected consumers and develop notification plans.” The US Department of Energy and other federal agencies were hacked, Kalpers said, along with more than 9 million drivers in Oregon and Louisiana, Johns Hopkins University, the accounting firm Ernst & Young, the BBC and British Airways. CalPERS said Thursday it will start sending letters to affected members about the breach and will offer them free Experian credit monitoring for two years. It was not immediately clear if CalPERS had received reports of fraud in connection with the breach. KCRA3 also asks why the agency waited until this week to announce the breach. The Associated Press reports that the criminal gang Cl0p, which is believed to be responsible for the hack, is extorting victims. CalPERS members may email questions about the breach to [email protected] or call 833-919-4735 Monday through Friday from 6 a.m. to 8 p.m. or Saturday and Sunday from 8 a.m. to 5 p.m. Creates new myCalPERS protocols and guarantees for those who use the call center or who visit a regional office. “This external breach of information is inexcusable,” CalPERS CEO Marcy Frost said in a statement. “Our members deserve better. As soon as we learned what happened, we took swift action to protect the financial interests of our members, as well as steps to ensure long-term protection.” On Thursday, CalSTRS confirmed it had also been affected when asked by KCRA 3. The system was informed on June 4, it said. Two days before CalPERS announced that it had been notified. “This incident did not involve unauthorized access to the CalSTRS network,” CalSTRS said. “CalSTRS is working with PBI to identify CalSTRS members whose information was involved in a PBI incident. CalSTRS will provide notice to any members and beneficiaries whose personal information was involved in accordance with applicable law.”
The personal information of approximately 769,000 retired CalPERS members was disclosed third party data breach which was reported earlier this month. CalSTRS also said it was affected by the breach and KCRA 3 is trying to find out how many of its members were affected.
CalPERS, the California Public Employees Retirement System, is the largest public retirement fund in the country. It serves more than 2 million members in its pension scheme and more than 1.5 million in its health programme.
CalSTRS, the California State Teachers Retirement System, is the second largest public retirement fund in the United States and the largest teacher retirement system. It serves more than 947,000 members.
CalPERS first said in a statement Wednesday that its third-party vendor, PBI Research Services, notified the agency on June 6 of a vulnerability in the MOVEit Transfer app that has since been fixed.
PBI CalPERS helps identify member deaths and ensure that the correct payments go to retirees and their beneficiaries.
CalPERS said the app vulnerability allowed data such as first name, last name, date of birth, and Social Security numbers to be downloaded by an unauthorized third party. It was also possible to access the names of individuals’ family members.
CalPERS said the breach did not affect its information systems, myCalPERS, or active members. It also does not affect members’ monthly interest payments.
But besides retired members and their families, the breach could also have affected inactive members who quickly become eligible for benefits, Calpers said.
PBI said in a statement that it identified the vulnerability “at the end of May” and that it was “actively exploited by cybercriminals.”
“PBI promptly patched its instance of MOVEit, assembled a team of cybersecurity and privacy professionals, notified federal law enforcement and contacted potentially affected customers,” PBI said. “The cybercriminals had no access to other PBI systems – only the vulnerable MOVEit administrative portal was accessed. PBI works directly with affected customers to identify affected consumers and develop notification plans.”
Calpers said thousands of other organizations were also affected by the breach.
According to the Associated Press, the US Department of Energy and other federal agencies were at risk, along with more than 9 million drivers in Oregon and Louisiana, Johns Hopkins University, accounting firm Ernst & Young, the BBC and British Airways.
CalPERS said Thursday it will start sending letters to affected members about the breach and will offer them free Experian credit monitoring for two years.
It was not immediately clear if CalPERS had received reports of fraud in connection with the breach. KCRA3 also asks why the agency waited until this week to announce the breach.
The Associated Press reports that the criminal gang Cl0p, which is believed to be responsible for the hack, is extorting victims.
CalPERS members may email questions about the breach to [email protected] or call 833-919-4735 Monday through Friday from 6 a.m. to 8 p.m. or Saturday and Sunday from 8 a.m. to 5 p.m.
CalPERS said that in response to the breach, it is making new protocols for myCalPERS and safeguards for those who use the call center or who visit a regional office.
“This external breach of information is inexcusable,” CalPERS CEO Marcy Frost said in a statement. “Our members deserve better. As soon as we became aware of what had happened, we took swift action to protect the financial interests of our members, as well as steps to ensure long-term protection.”
On Thursday, CalSTRS confirmed it was also affected when asked by KCRA 3. The system said it was notified on June 4, two days before CalPERS said it was notified.
“This incident did not involve unauthorized access to the CalSTRS network,” CalSTRS said. “CalSTRS is working with PBI to identify CalSTRS members whose information was involved in a PBI incident. CalSTRS will provide notice to any members and beneficiaries whose personal information was involved in accordance with applicable law.”
“Extreme travel lover. Bacon fanatic. Troublemaker. Introvert. Passionate music fanatic.”
More Stories
Chinese company BYD surpasses Tesla's revenues for the first time
Dow Jones Futures: Microsoft, MetaEngs Outperform; Robinhood Dives, Cryptocurrency Plays Slip
The US economy grew at a strong pace of 2.8% in the last quarter thanks to strong consumer spending