California pension officials have announced that approximately 769,000 retired state employees and other beneficiaries had their personal information stolen in a cyberattack by Russian hackers. The stolen data included Social Security numbers, names, birth dates, and may also include the names of spouses or domestic partners and children. The attack was carried out using the MOVEit program, which is estimated to have compromised hundreds of organizations worldwide. Victims include the U.S. Department of Energy, several other federal agencies, Ernst & Young, Johns Hopkins University, the BBC, British Airways, and more than 9 million motorists in Oregon and Louisiana. CalPERS (the California Public Employees’ Retirement System) is offering two years of free credit monitoring to impacted members.
The Breach and Response
The breach of the MOVEit program was discovered last month, and security experts have warned that such “supply-chain hacks” expose the uncomfortable truth that network security is only as strong as the weakest digital link in the ecosystem. The criminal gang behind the hack, known as Cl0p, is extorting victims and threatening to dump their data online if they do not pay up. CalPERS CEO Marcie Frost described the external breach of information as “inexcusable” and stated that “our members deserve better.” As soon as the breach was discovered, fast action was taken to protect members’ financial interests and steps were put in place to ensure long-term protections. PBI Research Services/Berwyn Group, the third-party vendor that used MOVEit to help inform CalPERS of member deaths and validate payment eligibility, was identified as the source of the breach. PBI reported the breach to federal law enforcement, and CalPERS put “additional safeguards” in place to protect the information of retirees who use the member benefits website and visit a regional office. CalPERS planned to send letters to those affected by the breach on Thursday.
The breach of the MOVEit program and the subsequent theft of personal information from CalPERS highlight the importance of strong network security and the risks posed by supply-chain hacks. As cyberattacks become increasingly sophisticated, it is essential that organizations take proactive steps to protect their data and the data of their customers and clients. The California pension officials have taken swift action to mitigate the damage caused by the breach, but the incident serves as a reminder that more must be done to ensure that sensitive information remains secure.