Home>Articles>CalPERS Announces Data Breach Of 769,000 Californians’ Personal Information

CalPERS Announces Data Breach Of 769,000 Californians’ Personal Information

2.5 million Genworth Financial policyholders also part of breach by Russian cybercriminals

By Evan Symon, June 23, 2023 2:30 am

The California Public Employees’ Retirement System announced on Thursday that the sensitive personal information of  approximately 769,000 retired California employees and other related beneficiaries was stolen in a data breach by Russian cybercriminals when they targeted a third party vendor that CalPERS uses to help verify deaths.

According to CalPERS, the Russian data security incident specifically targeted PBI Research Services/Berwyn Group, a company that CalPERS uses to verify deaths of those on the system to help ensure that payments and benefits are paid out and to prevent overpayment, errors, and payments to deceased beneficiaries.

The breach happened earlier this month, with PBI disclosing on Thursday that 769,000 people on CalPERS, as well as 2.5 million policyholders for those in the Genworth Financial insurance company. Cybercriminals specifically targeted the MOVEit file-transfer program as part of a nationwide breach that has also affected companies and federal agencies around the Globe,  including the U.S. Department of Energy, British Airways, the BBC, and Johns Hopkins University.

For those affected in California the breach pulled sensitive data such as names, birth dates and Social Security number, as well as possibly the names of spouses, partners, and children. However, the affected data would not go beyond that, as the breach only affected info held by PBI, and did not impact information systems operated by CalPERS.

CalPERS confirmed on Thursday that all affected  victims will receive a letter soon, informing them if they are affected. In addition, CalPERS said that those affected would receive two years of free credit monitoring, with Genworth offering similar credit monitoring and ID theft protection. CalPERS also noted that security has now been subsequently raised as a result, with new protocols on the member benefits website, myCalPERS, as well as additional safeguards for those who use the member contact center and those who visit any CalPERS regional office. The breach has also been reported to federal officials, who are looking into the breach.

“This external breach of information is inexcusable,” said CalPERS Chief Executive Officer Marcie Frost in a statement on Thursday. “Our members deserve better. As soon as we learned about what happened, we took fast action to protect our members’ financial interests, as well as steps to ensure long-term protections.”

Cybersecurity experts noted that the breach was only the latest in a long string of cyberattacks in recent years, with no end realistically in sight.

“Sadly, these attacks here and there are now part of the cybersecurity landscape,” LA-based cybersecurity expert Mona Hunter told the Globe Thursday. “Sometimes it is financial, sometimes it is extortion, and then other times they just shut down a pipeline, like they did in 2001, just because they can. And it’s not just the Russians doing it, but they have been the most active in it.”

“And you can’t fully blame PBI for this incident. It really could have happened to anyone. It just so happened that they targeted MOVEit, and PBI was one of those companies using it when they cracked through.”

“For those affected, keep an eye out for anything unusual. Vigilance is key, and more than one group has been taken down by people reporting something unusual quickly enough. And again, this could have happened to anyone. CalPERS and Genworth were affected for those in California, but this string affected people in virtually every state, and hit East Coast states particularly hard. Believe it or not, due to the tech presence out here and many companies being first adopters of new security systems, it is actually harder to crack in to Californian systems directly. That’s why this breach with CalPERS wasn’t direct, but through a third party out of Minnesota, PBI.

“For everyone, be careful too. This isn’t the first big data breach affecting Californians, and it won’t be the last.”

More information on the breach is due to be released soon.

Print Friendly, PDF & Email
Evan Symon
Spread the news:


12 thoughts on “CalPERS Announces Data Breach Of 769,000 Californians’ Personal Information

  1. These types of data breaches have become so frequent that they are like a normal part of having your data kept by these companies, organizations and government. When it happens you start seeing a trove of new unsolicited contact attempts in your email and smart phone. This is why I don’t permit sharing my data by my banks and insurance companies among their affiliates and third parties. In addition, I avoid signing up on various websites like Honey that offer discount deals.

  2. They know for certain it was Russian cybercriminals but they are 100% not at fault and had no way to stop it!! Yah ok. The truth is they are run like crap, are insolvent, corrupt, incompetent and should be put on trial. Probably just a trial balloon excuse for when the whole public pension system explodes! It’s much easier to just blame the Russians because the media will go along with it and the California public is mostly ignorant!!

  3. The bureaucrats at CalPERS are more concerned about their enforcing diversity, equity and inclusion dictates of their Democrat masters rather than focusing on data security? Meanwhile California has the greatest amount of unfunded pension liabilities of any state, totaling over an estimated $1.5 trillion.

    1. So crazy how Calpers and it’s pensioners could make some basic, sound financial decisions to keep the system running for many years but instead they choose to put the peddle to the metal straight off a cliff! Well at least the Democrats are destroying the lives of it’s own people and not just everyone else’s.

Leave a Reply

Your email address will not be published. Required fields are marked *