News just broke yesterday that a data breach targeting the nation’s biggest pension funds CalPERS (California Public Employees' Retirement System) and CalSTRS (California State Teachers' Retirement System) lead to the release of identity information on more than 1.1 million of their members collectively.
Not only will this breach possibly affect the pensions and identity security of existing members but also those who have not yet reached retirement age but whose information is still in the system. Even family members of affected users may have had their identifying information leaked during the breach if their details were added to these systems.
CalPERS released a statement saying that the breach did not affect their own systems and it will not affect current members’ monthly benefits. Still, the company has said they have upped their security measures and will be offering free credit monitoring for affected users. Users should receive a notice soon as to whether or not their information was identified as being compromised by the breach.
Information that was allegedly leaked includes addresses, dates of birth, social security numbers and more.
The origin of the breach was through the PBI Research Services MOVEit file management software which CalPERS and CalSTRS use as a third-party vendor to identify death benefits or for additional beneficiaries in their systems. The effects of this the zero day hack on the MOVEit software are still reverberating throughout the US, with other companies reporting being affected such as Siemens, UCLA, Schneider Electric and more.
Although PBI Research Services was notified of the breach themselves on June 4th, it was still two more weeks before CalPERS and CalSTRS were notified which has led to a delayed response. PBI has also notified federal law enforcement to ensure extra steps are taken to protect the pension fund status of affected users. Additional identity checks are expected to be put in place to make sure pension funds are only claimed by those who are eligible for them.
California’s treasurer Fiona Ma is urging that a special meeting be held to discuss the aftermath of this breach, which only elaborates how serious this is. Ma sits on the board of both pension funds.
We want to reiterate that pension funds are not currently at risk, however due to the nature of identity theft, preventing future fallout from this breach is of the utmost importance and no small task.
This breach elaborates on the importance of vetting your vendors well. Even if you’re doing everything you can to protect your business from a cyber-attack, vendors you use that have access to your systems also need to do their part or your efforts may be in vain. Here is a checklist you can use when vetting a new technology vendor:
If you need assistance in making in recovering for a data breach, or to prevent one from happening to your business in the first place Valley Techlogic is here for you. Cyber security efficacy is one of our core company values and our customers security concerns are regarded with the utmost importance. Schedule a consultation today to learn more.
Looking for more to read? We suggest these other articles from our site.
This article was powered by Valley Techlogic, an IT service provider in Atwater, CA. You can find more information at https://www.valleytechlogic.com/ or on Facebook at https://www.facebook.com/valleytechlogic/ . Follow us on Twitter at https://twitter.com/valleytechlogic.
You must be logged in to post a comment.