The California Public Employees’ Retirement System announced on Thursday that the sensitive personal information of approximately 769,000 retired California employees and other related beneficiaries was stolen in a data breach by Russian cybercriminals when they targeted a third party vendor that CalPERS uses to help verify deaths.
According to CalPERS, the Russian data security incident specifically targeted PBI Research Services/Berwyn Group, a company that CalPERS uses to verify deaths of those on the system to help ensure that payments and benefits are paid out and to prevent overpayment, errors, and payments to deceased beneficiaries.
The breach happened earlier this month, with PBI disclosing on Thursday that 769,000 people on CalPERS, as well as 2.5 million policyholders for those in the Genworth Financial insurance company. Cybercriminals specifically targeted the MOVEit file-transfer program as part of a nationwide breach that has also affected companies and federal agencies around the Globe, including the U.S. Department of Energy, British Airways, the BBC, and Johns Hopkins University.
For those affected in California the breach pulled sensitive data such as names, birth dates and Social Security number, as well as possibly the names of spouses, partners, and children. However, the affected data would not go beyond that, as the breach only affected info held by PBI, and did not impact information systems operated by CalPERS.
CalPERS confirmed on Thursday that all affected victims will receive a letter soon, informing them if they are affected. In addition, CalPERS said that those affected would receive two years of free credit monitoring, with Genworth offering similar credit monitoring and ID theft protection. CalPERS also noted that security has now been subsequently raised as a result, with new protocols on the member benefits website, myCalPERS, as well as additional safeguards for those who use the member contact center and those who visit any CalPERS regional office. The breach has also been reported to federal officials, who are looking into the breach.
“This external breach of information is inexcusable,” said CalPERS Chief Executive Officer Marcie Frost in a statement on Thursday. “Our members deserve better. As soon as we learned about what happened, we took fast action to protect our members’ financial interests, as well as steps to ensure long-term protections.”
Cybersecurity experts noted that the breach was only the latest in a long string of cyberattacks in recent years, with no end realistically in sight.
“Sadly, these attacks here and there are now part of the cybersecurity landscape,” LA-based cybersecurity expert Mona Hunter told the Globe Thursday. “Sometimes it is financial, sometimes it is extortion, and then other times they just shut down a pipeline, like they did in 2001, just because they can. And it’s not just the Russians doing it, but they have been the most active in it.”
“And you can’t fully blame PBI for this incident. It really could have happened to anyone. It just so happened that they targeted MOVEit, and PBI was one of those companies using it when they cracked through.”
“For those affected, keep an eye out for anything unusual. Vigilance is key, and more than one group has been taken down by people reporting something unusual quickly enough. And again, this could have happened to anyone. CalPERS and Genworth were affected for those in California, but this string affected people in virtually every state, and hit East Coast states particularly hard. Believe it or not, due to the tech presence out here and many companies being first adopters of new security systems, it is actually harder to crack in to Californian systems directly. That’s why this breach with CalPERS wasn’t direct, but through a third party out of Minnesota, PBI.
“For everyone, be careful too. This isn’t the first big data breach affecting Californians, and it won’t be the last.”
More information on the breach is due to be released soon.
- Former San Jose Mayor Sam Liccardo Rumored To Announce Congressional Run Soon - November 30, 2023
- Gov. Newsom’s Recent $300 Million Block Of Homeless Funding Faces Growing Criticism - November 30, 2023
- Effort Grows To Have Former SF Mayor, Supervisor Mark Farrell Run For Mayor In 2024 - November 30, 2023