California Public Employees Retirement System

Breach Description

Overview of the CalPERS Data Breach

The California Public Employees’ Retirement System (CalPERS) experienced a significant data breach due to a third-party vendor vulnerability. This breach exposed the personal information of approximately 769,000 retired members and beneficiaries[1]. The incident involved a file-transfer application called MOVEit Transfer, which is used by various organizations for secure data sharing[23].

Details of the Breach

The breach was reported by PBI Research Services, a vendor that assists CalPERS with identifying deceased members to prevent overpayment of benefits[23]. The exposed data included names, Social Security numbers, dates of birth, and potentially information on spouses or domestic partners and children[1][5][17]. CalPERS CEO Marcie Frost stated that the breach did not compromise the pension fund’s systems or affect monthly benefits[23].

Response and Impact

CalPERS responded by implementing additional safeguards and offering two years of free credit monitoring to impacted members[1][8]. The breach also affected the California State Teachers’ Retirement System (CalSTRS), with 415,000 of its members and beneficiaries impacted[1]. CalSTRS confirmed that there was no unauthorized access to its network and that pension payments were not affected[11].

Public Reaction and Concerns

Members expressed concerns about the delay in notification and the adequacy of the response. Some retirees felt that CalPERS should have taken more immediate action and provided more comprehensive support[14][22][23]. There were also calls for legislative inquiries into how CalPERS handled the breach[20].

Broader Implications

The breach at CalPERS is part of a larger pattern of cyber incidents affecting various organizations, including federal agencies and other public pension funds[5][11]. The incident underscores the importance of cybersecurity measures and the potential risks associated with third-party vendors[23].

Conclusion

The CalPERS data breach has raised significant concerns about data security and the protection of sensitive personal information. The incident highlights the need for robust cybersecurity practices and the challenges of managing third-party vendor risks. CalPERS has taken steps to address the breach and support affected members, but the event serves as a reminder of the ongoing threat of cyberattacks.

Citations:

  1. https://www.kcra.com/article/calpers-third-party-data-breach-california-bpi/44305829
  2. https://www.ibm.com/topics/data-breach
  3. https://www.metacompliance.com/blog/data-breaches/5-damaging-consequences-of-a-data-breach
  4. https://ico.org.uk/for-organisations/advice-for-small-organisations/72-hours-how-to-respond-to-a-personal-data-breach/
  5. https://apnews.com/article/california-data-stolen-retired-workers-9de14c859c49c1aea0cd6a776572d5a4
  6. https://www.trendmicro.com/vinfo/us/security/definition/data-breach
  7. https://hbr.org/2023/05/the-devastating-business-impacts-of-a-cyber-breach
  8. https://www.cbsnews.com/sacramento/news/calpers-participants-information-exposed-in-data-breach/
  9. https://www.ftc.gov/business-guidance/resources/data-breach-response-guide-business
  10. https://www.cloudmask.com/blog/data-breaches-threats-and-consequences
  11. https://statescoop.com/calpers-moveit-hack-california-workers-pension-fund/
  12. https://www.csoonline.com/article/534628/the-biggest-data-breaches-of-the-21st-century.html
  13. https://www.nedigital.com/en/blog/data-breach-consequences
  14. https://www.cta.org/educator/posts/calpers-and-strs-data-breach
  15. https://www.kaspersky.com/resource-center/definitions/data-breach
  16. https://www.fisglobal.com/en/insights/merchant-solutions-worldpay/article/how-the-consequences-of-a-data-breach-threaten-small-businesses
  17. https://www.sacbee.com/news/politics-government/capitol-alert/article276638381.html
  18. https://www.fortinet.com/resources/cyberglossary/data-breach
  19. https://www.theamegroup.com/security-breach/
  20. https://www.govtech.com/security/questions-remain-about-the-california-state-retirees-data-breach
  21. https://commission.europa.eu/law/law-topic/data-protection/reform/rules-business-and-organisations/obligations/what-data-breach-and-what-do-we-have-do-case-data-breach_en
  22. https://bigid.com/blog/the-costly-impact-of-a-data-breach-on-individuals/
  23. https://www.sacbee.com/news/politics-government/the-state-worker/article277400423.html
  24. https://www.mcafee.com/learn/what-is-a-data-breach-and-how-do-you-avoid-it/
  25. https://riskxchange.co/349/5-ways-data-breaches-affect-organisations/

Breach Submission Date: Jan 10, 2024
Converted Entity Name: California Public Employees Retirement System
Converted Entity Type: Healthcare Clearing House
State: CA
Individuals Affected: 1,033
Breach Type: Unauthorized Access/Disclosure
Breach Information Location: Network Server
Business Associate Present: Yes