CalPERS (California Public Employees’ Retirement Systems) is working in collaboration with PBI (Public Research Services/Berwyn Group) to ensure the accuracy of retiree payments and beneficiaries while also identifying member deaths. Recently, it has come to light that PBI experienced a data breach in their systems on June 6, 2023, due to a zero-day vulnerability in the MOVEit file transfer application. This vulnerability has been exploited by numerous threat groups worldwide to extract sensitive data from organizations.
Upon receiving the notification from PBI, CalPERS acknowledged the incident and immediately initiated an investigation with the help of cybersecurity investigators. The data breach is believed to have exposed personally identifiable information (PII) belonging to individuals associated with CalPERS. The compromised data includes their first and last names, Social Security numbers (SSN), current and former employee names, spouse or domestic partner information, and child or children’s information.
PBI has taken appropriate measures to resolve the breach and prevent similar incidents from occurring again. They have also informed law enforcement authorities about the breach. In response, CalPERS is offering free credit monitoring and restoration services through Experian IdentifyWorks for a period of two years to compensate for the data breach. They are actively reaching out to affected individuals and their survivors to provide these complementary benefits.
It’s important to note that the data breach only impacted information related to retirees and their survivors. Other data within CalPERS’ systems remains secure and unaffected. Nevertheless, CalPERS is advising its customers to remain vigilant against identity theft and unauthorized transactions.
The vulnerability in the MOVEit file transfer application has affected multiple organizations and their third-party vendors globally. To mitigate the risk of exploitation, organizations are being urged to conduct a thorough assessment of their own systems and those of their third-party vendors that utilize MOVEit file transfer. It is crucial to identify and patch any vulnerabilities promptly to prevent potential attacks by threat actors.
In conclusion, CalPERS and PBI are actively addressing the data breach incident to safeguard the pension benefits and health security services they provide. CalPERS is taking proactive measures by offering free credit monitoring and restoration services to affected individuals, while also advising caution against identity theft. Organizations worldwide are being encouraged to assess and secure their systems to prevent future vulnerabilities and potential breaches.