MOVEit hack: Is your CalPERS retirement or pension fund safe? Here’s what to know

 

By Michael Grothaus

Earlier this month news broke that a hacking group had been exploiting a security flaw in the MOVEit Transfer application, which lets clients send large files over the internet (via TechCrunch). It is now known that the exploit allowed the data of major companies and institutions, including U.S. universities and banks, to be obtained by the hacking group.

In addition, the data of international organizations including the BBC and British Airways were compromised. And now there’s another organization to add to that list: CalPERS, the California Public Employees’ Retirement System, which is one of the largest retirement systems in the United States. 

Here’s what you need to know if your retirement or pension fund is with CalPERS:

    How many CalPERS members were affected? According to a press release from CalPERS, “approximately 769,000 members” had their data compromised. The company says active members of CalPERS weren’t impacted—only CalPERS retirees and their survivors. “This includes retirees from the state, public agencies, school districts, and retirees of the Judges’ Retirement System and Legislators’ Retirement System, the company wrote in an FAQ. “Anyone who receives an ongoing monthly benefit payment from CalPERS was likely affected.”

    What data was compromised? CalPERS says compromised data includes first and last name, date of birth, and Social Security Numbers. The company says additional data that may have been compromised includes the names of a member’s children, spouse, or partner, and current or former employers.

    How do I know if my CalPERS data was included in the hack? CalPERS says it is sending a letter to every retiree and designated family member whose data was breached. 

    I haven’t received a letter from CalPERS yet. How can I be sure my data wasn’t breached? CalPERS says you can call 833-919-4735 or email PBIquestions@calpers.ca.gov if you have questions or concerns.

    Is a retiree’s money safe? Yes, says CalPERS. The good news is that only data was accessed, not funds. CalPERS’s FAQ reiterates that only the third-party software was impacted and not its own systems. CalPERS monthly pension payments are not affected.

    What can affected CalPERS members do? CalPERS says it is giving all affected members two years of free Experian credit monitoring and identity restoration services. The details of how to access these services can be found in the letter CalPERS sent to those affected. Impacted members should be sure to enroll in the services.

Fast Company

(26)