California Public Employees Retirement System
Your Personal Info Could Be
Exposed Online After
This Hospital Breach
Breach Description
Overview of the CalPERS Data Breach
The California Public Employees’ Retirement System (CalPERS) experienced a significant data breach due to a third-party vendor vulnerability. This breach exposed the personal information of approximately 769,000 retired members and beneficiaries[1]. The incident involved a file-transfer application called MOVEit Transfer, which is used by various organizations for secure data sharing[23].
Details of the Breach
The breach was reported by PBI Research Services, a vendor that assists CalPERS with identifying deceased members to prevent overpayment of benefits[23]. The exposed data included names, Social Security numbers, dates of birth, and potentially information on spouses or domestic partners and children[1][5][17]. CalPERS CEO Marcie Frost stated that the breach did not compromise the pension fund’s systems or affect monthly benefits[23].
Response and Impact
CalPERS responded by implementing additional safeguards and offering two years of free credit monitoring to impacted members[1][8]. The breach also affected the California State Teachers’ Retirement System (CalSTRS), with 415,000 of its members and beneficiaries impacted[1]. CalSTRS confirmed that their network was not accessed unauthorizedly and that pension payments were not affected[11].
Public Reaction and Concerns
Members expressed concerns about the delay in notification and the adequacy of the response. Some retirees felt that CalPERS should have taken more immediate action and provided more comprehensive support[14][22][23]. There were also calls for legislative inquiries into how CalPERS handled the breach[20].
Broader Implications
The breach at CalPERS is part of a larger pattern of cyber incidents affecting various organizations, including federal agencies and other public pension funds[5][11]. The incident underscores the importance of cybersecurity measures and the potential risks associated with third-party vendors[23].
Conclusion
The CalPERS data breach has raised significant concerns about data security and the protection of sensitive personal information. The incident highlights the need for robust cybersecurity practices and the challenges of managing third-party vendor risks. CalPERS has taken steps to address the breach and support affected members, but the event serves as a reminder of the ongoing threat of cyberattacks.
Citations:
- https://www.kcra.com/article/calpers-third-party-data-breach-california-bpi/44305829
- https://www.ibm.com/topics/data-breach
- https://www.metacompliance.com/blog/data-breaches/5-damaging-consequences-of-a-data-breach
- https://ico.org.uk/for-organisations/advice-for-small-organisations/72-hours-how-to-respond-to-a-personal-data-breach/
- https://apnews.com/article/california-data-stolen-retired-workers-9de14c859c49c1aea0cd6a776572d5a4
- https://www.trendmicro.com/vinfo/us/security/definition/data-breach
- https://hbr.org/2023/05/the-devastating-business-impacts-of-a-cyber-breach
- https://www.cbsnews.com/sacramento/news/calpers-participants-information-exposed-in-data-breach/
- https://www.ftc.gov/business-guidance/resources/data-breach-response-guide-business
- https://www.cloudmask.com/blog/data-breaches-threats-and-consequences
- https://statescoop.com/calpers-moveit-hack-california-workers-pension-fund/
- https://www.csoonline.com/article/534628/the-biggest-data-breaches-of-the-21st-century.html
- https://www.nedigital.com/en/blog/data-breach-consequences
- https://www.cta.org/educator/posts/calpers-and-strs-data-breach
- https://www.kaspersky.com/resource-center/definitions/data-breach
- https://www.fisglobal.com/en/insights/merchant-solutions-worldpay/article/how-the-consequences-of-a-data-breach-threaten-small-businesses
- https://www.sacbee.com/news/politics-government/capitol-alert/article276638381.html
- https://www.fortinet.com/resources/cyberglossary/data-breach
- https://www.theamegroup.com/security-breach/
- https://www.govtech.com/security/questions-remain-about-the-california-state-retirees-data-breach
- https://commission.europa.eu/law/law-topic/data-protection/reform/rules-business-and-organisations/obligations/what-data-breach-and-what-do-we-have-do-case-data-breach_en
- https://bigid.com/blog/the-costly-impact-of-a-data-breach-on-individuals/
- https://www.sacbee.com/news/politics-government/the-state-worker/article277400423.html
- https://www.mcafee.com/learn/what-is-a-data-breach-and-how-do-you-avoid-it/
- https://riskxchange.co/349/5-ways-data-breaches-affect-organisations/