Personal data of more than 700,000 retired California workers and beneficiaries have been stolen

By Andrew McCollum On Jun 23, 2023

Personal data of more than 700,000 retired California workers and beneficiaries have been stolen — The suns peaks over the California Public Employees Retirement System’s building in Sacramento, Calif., on Sept. 6, 2022. California officials say the personal information of about 769,000 people has been exposed in a third-party data breach linked to the state’s retirement system. Credit: AP Photo/Rich Pedroncelli, File

California pension officials say personal information of about 769,000 retired state employees and other beneficiaries—including Social Security numbers—was among data stolen by Russian cybercriminals in the breach of a popular file-transfer application.

They said they were offering impacted members two years of free credit monitoring.

The breach of the MOVEit program, discovered last month, is estimated by cybersecurity experts to have compromised hundreds of organizations globally. Confirmed victims include the U.S. Department of Energy and several other federal agencies, more than 9 million motorists in Oregon and Louisiana, Johns Hopkins University, Ernst & Young, the BBC and British Airways.

The criminal gang behind the hack, known as Cl0p, is extorting victims, threatening to dump their data online if they don’t pay up.

The California Public Employees’ Retirement System said in a statement that a third-party vendor was breached that used MOVEit to help inform it of member deaths and validate payment eligibility.

“This external breach of information is inexcusable,” CalPERS CEO Marcie Frost was quoted as saying. “Our members deserve better. As soon as we learned about what happened, we took fast action to protect our members’ financial interests, as well as steps to ensure long-term protections.”

Security experts say such so-called supply-chain hacks expose an uncomfortable truth about the software organizations: Network security is only as strong as the weakest digital link in the ecosystem.

The stolen data included names, birth dates and Social Security numbers—and might also include names of spouses or domestic partners and children, officials said. It identified the vendor as PBI Research Services/Berwyn Group. CalPERS planned to send letters Thursday to those affected by the breach.

CalPERS said PBI notified it of the breach on June 6, the same day cybersecurity firms began to issue reports on the breach of MOVEit, whose maker Ipswitch is owned by Progress Software.

PBI reported the breach to federal law enforcement, and CalPERS placed “additional safeguards” to protect the information of retirees who use the member benefits website and visit a regional office, officials said.

Citation:
Personal data of more than 700,000 retired California workers and beneficiaries have been stolen (2023, June 22)
retrieved 22 June 2023
from https://techxplore.com/news/2023-06-personal-california-workers-beneficiaries-stolen.html

This document is subject to copyright. Apart from any fair dealing for the purpose of private study or research, no
part may be reproduced without the written permission. The content is provided for information purposes only.

For all the latest Technology News Click Here

For the latest news and updates, follow us on Google News.

Read original article here

Denial of responsibility! NewsUpdate is an automatic aggregator around the global media. All the content are available free on Internet. We have just arranged it in one platform for educational purpose only. In each content, the hyperlink to the primary source is specified. All trademarks belong to their rightful owners, all materials to their authors. If you are the owner of the content and do not want us to publish your materials on our website, please contact us by email – [email protected]. The content will be deleted within 24 hours.