A third-party data breach reported earlier this month exposed the personal information of approximately 769,000 retired CalPERS members. CalSTRS also said it was affected by the breach and said KCRA 3 was trying to figure out how many members were affected. CalPERS is the California Government Employees’ Retirement Plan and the largest public pension fund in the country. We serve over 2 million retirement plan members and over 1.5 million wellness program members. CalSTRS, the California Teachers Retirement Plan, is the second largest public pension fund and largest teachers’ retirement plan in the United States. . It serves over 947,000 members. In a Wednesday release, CalPERS first said its third-party vendor, PBI Research Services, notified the agency of the MOVEit Transfer Application vulnerability on June 6, which has since been fixed. PBI helps CalPERS identify member deaths and ensure proper payments are made to retirees and their beneficiaries. According to CalPERS, vulnerabilities in the app could allow data such as first and last name, date of birth, and social security number to be downloaded by an unauthorized third party. Members’ family names may also have been accessed. CalPERS said the breach did not affect its information systems, myCalPERS, or active members. It also does not affect the payment of the member’s monthly benefits. But the leak may have affected not only retired members and their families, but also inactive members who will soon be eligible for benefits, Calpers said. In a statement, PBI said the vulnerability was identified “at the end of May” and “is being actively exploited by cybercriminals.” “PBI immediately patched the MOVEit instance, assembled a team of cybersecurity and privacy experts, notified federal law enforcement agencies, and contacted potentially affected customers,” PBI said. . “Cybercriminals did not have access to any other systems at PBI. They only had access to the MOVEit management portal affected by the vulnerability. PBI worked directly with affected customers to We have identified affected consumers and are developing a notification plan.” CalPERS said it was affected by the breach. According to the Associated Press, the U.S. Department of Energy and other federal agencies were compromised, as well as more than 9 million drivers in Oregon and Louisiana, Johns Hopkins University, Ernst & Young accounting firm, BBC and British.・Airways. CalPERS announced Thursday that it will begin sending letters to affected members about the breach and will provide two years of free credit monitoring for Experian. It is not immediately clear whether CalPERS has received reports of fraud related to this breach. KCRA 3 also asked why authorities waited until this week to announce violations. “I was just appalled that they hadn’t said anything to anyone before this. We should have known. We could have checked our accounts.” said Randy Cheek, Legislative Director of the Association of Retired Civil Servants. California. The Associated Press reported that the criminal organization Cl0p, which is believed to be the perpetrator of the hack, is extorting victims. CalPERS members may email questions regarding this infringement to PBIquestions@calpers.ca.gov, Monday through Friday, 6:00 am to 8:00 pm, or Saturday and Sunday, 8:00 am to 5:00 pm. , you can call 833-919-4735. CalPERS said in response to the breach: We are creating new protocols for myCalPERS and safeguards for call center users and local office visitors. “This outside disclosure of information is unacceptable,” CalPERS CEO Mercy Frost said in a statement. “Our members deserve better.” As soon as we learn what happened, we will act quickly to protect the financial interests of our members and ensure long-term protection. “We have taken steps to ensure that we have received the notice,” CalPERS said on June 4, two days before it announced it had been notified. “This incident does not involve unauthorized access to CalSTRS’ network,” CalSTRS said. “CalSTRS is working with PBI to identify CalSTRS members whose information was implicated in PBI cases. CalSTRS will notify members and beneficiaries whose personal information was implicated in accordance with applicable law.”
The personal information of approximately 769,000 retired CalPERS members was exposed. Third party data breach It was reported earlier this month. CalSTRS also said it was affected by the breach and said KCRA 3 was trying to figure out how many members were affected.
CalPERS is the California Government Employees’ Retirement Plan and the largest public pension fund in the country. We serve over 2 million retiree plan members and over 1.5 million wellness program members.
CalSTRS (California Teachers’ Retirement System) is the second largest public pension fund and largest teachers’ retirement plan in the United States. It serves over 947,000 members.
In a Wednesday release, CalPERS first said its third-party vendor, PBI Research Services, notified the agency of the MOVEit Transfer Application vulnerability on June 6, which has since been fixed.
PBI helps CalPERS identify member deaths and ensure proper payments are made to retirees and their beneficiaries.
According to CalPERS, vulnerabilities in the app could allow data such as first and last name, date of birth, and social security number to be downloaded by an unauthorized third party. Members’ family names may also have been accessed.
CalPERS said the breach did not affect its information systems, myCalPERS, or active members. It also does not affect the payment of the member’s monthly benefits.
But the leak may have affected not only retired members and their families, but also inactive members who will soon be eligible for benefits, Calpers said.
In a statement, PBI said the vulnerability was identified “at the end of May” and “is being actively exploited by cybercriminals.”
“PBI immediately patched the MOVEit instance, assembled a team of cybersecurity and privacy experts, notified federal law enforcement agencies, and contacted potentially affected customers,” PBI said. . “Cybercriminals did not have access to any other systems at PBI. They only had access to the MOVEit management portal affected by the vulnerability. PBI worked directly with affected customers to We have identified affected consumers and are developing a notification plan.”
According to CalPERS, thousands of other organizations have also been affected by this breach.
According to the Associated Press, in addition to the U.S. Department of Energy and other federal agencies, more than 9 million drivers in Oregon and Louisiana, Johns Hopkins University, Ernst & Young Accounting Firm, BBC and British Airways said to have been violated.
CalPERS announced Thursday that it will begin sending letters to affected members about the breach and will provide two years of free credit monitoring for Experian.
It is not immediately clear whether CalPERS has received reports of fraud related to this breach. KCRA 3 also asked why authorities waited until this week to announce violations.
“I was just appalled that they hadn’t said anything to anyone before this. We should have known. We could have checked our accounts.” said Randy Cheek, Legislative Director of the Association of Retired Civil Servants. California.
The Associated Press reported that the criminal organization Cl0p, which is believed to be the perpetrator of the hack, is extorting victims.
CalPERS members may email infringement questions to PBIquestions@calpers.ca.gov or call us Monday through Friday from 6:00 am to 8:00 pm or Saturday and Sunday from 8:00 am to 5:00 pm. Call 833-919-4735.
CalPERS said it was responding to the breach by creating new protocols for myCalPERS and protections for call center users and local office visitors.
“This outside disclosure of information is unacceptable,” CalPERS CEO Mercy Frost said in a statement. “Our members deserve better. As soon as we learn what happened, we will take immediate action to protect the financial interests of our members and to ensure long-term protection. measures have been taken.”
CalSTRS confirmed on Thursday that the company was also affected in response to questions from KCRA 3. The system said it was notified on June 4, two days before CalPERS announced it had been notified.
“This incident does not involve unauthorized access to CalSTRS’ network,” CalSTRS said. “CalSTRS is working with PBI to identify CalSTRS members whose information was implicated in PBI cases. CalSTRS will notify members and beneficiaries whose personal information was implicated in accordance with applicable law.”