The PBI data breach has put California Public Employees’ Retirement System (CalPERS) on alert.
PBI, a third party vendor for California Public Employees’ Retirement System (CalPERS), recently fell victim to a cyber attack, resulting in a PBI data breach. This incident marks the 93rd known organization affected by such an attack related to MOVEit vulnerability.
“PBI has notified CalPERS that retired member files were impacted. Some of those are inactive members who may soon become eligible for benefits,” said the CalPERS announcement.
“In all, the PBI security incident impacts the personal information of approximately 769,000 members.”
The breach compromised CalPERS members’ personal information, including names and Social Security numbers (SSNs).
The Cyber Express team has contacted PBI for confirmation regarding the cyber attack and the possible link to the MOVEit vulnerability. However, as of now, no official response has been received.
PBI Data Breach: The response
According to the press release, PBI notified CalPERS about a cybersecurity breach involving their MOVEit Transfer application, which is widely used by numerous organizations globally.
CalPERS utilizes PBI’s services to ensure accurate payments to retirees and beneficiaries, transmitting data securely and encrypted.
According to the pensioner service, the cyber attack on PBI did not impact CalPERS’ information systems or its member portal, myCalPERS.
The PBI data breach specifically targeted PBI’s services related to member death identification, preventing payment errors and overpayments while ensuring accuracy in benefit distribution.
PBI promptly notified CalPERS on June 6, 2023, about a previously unknown “zero-day” vulnerability in their MOVEit transfer application, which allowed unauthorized access to CalPERS data.
PBI data breach has been reported to federal law enforcement. The company has assured CalPERS that the vulnerability has been resolved. Additionally, PBI has implemented additional security measures to prevent similar incidents in the future.
The compromised personal information includes individuals’ first and last names, dates of birth, and Social Security numbers. It may have also included the names of current or former employers, spouses or domestic partners, and children.
“This external breach of information is inexcusable,” said CalPERS Chief Executive Officer Marcie Frost. “Our members deserve better. As soon as we learned about what happened, we took fast action to protect our members’ financial interests, as well as steps to ensure long-term protections.”
CalPERS has implemented enhanced security measures, including new protocols for the myCalPERS member benefits website, additional safeguards for the member call center and regional offices, and comprehensive vendor security assessments for retiree information recipients.
Mitigation strategies for the victims of the cyber attack on PBI
CalPERS offers affected members two years of complimentary credit monitoring and identity restoration services through Experian. Impacted retirees and their survivors have received a letter explaining these services and providing enrollment instructions.
The company urges the affected parties that if they have not received the letter, they can contact CalPERS at 833-919-4735 during the specified hours of operation.
Moreover, the company has recommended that users enroll in credit monitoring services and remain vigilant against identity theft or fraud. Regularly review and monitor accounts and credit history for any signs of unauthorized transactions or suspicious activities.
CalPERS advises that if any user suspects identity theft or fraud, they can also contact their local police station to seek additional information on protecting their identity.
As for the cyber attack on PBI, the company says that it didn’t affect CalPERS’ monthly benefit payments. The systems remain secure, and pension payments will continue to be deposited into recipients’ bank accounts or mailed as paper checks, based on individual preferences.
CalPERS assures its members that their retirement funds are safe and unaffected by this incident. This applies to retirees from the state, public agencies, school districts, and members of the Judges’ Retirement System and Legislators’ Retirement System.