California Public Employees' Retirement System third-party data breach exposes 700,000

The chairman of CalPERS' risk and audit committee, disclosed that CalPERS, the California Public Employees' Retirement System suffered a cybersecurity breach involving a third-party organization.

The organization said Wednesday that it was informed on June 6 by a third-party vendor – PBI Research Services/Berwyn Group – that data was accessed by hackers exploiting the MOVEit file transfer tool.

The impacted third party is PBI Research Services/Berwyn Group and the breach affected the personal information of approximately 769,000 retirees.

PBI was used by CalPERS to ensure accurate payments and prevent overpayment. CalPERS officials were notified about the breach on June 6 but were only informed about the theft of CalPERS' data on June 9.

It was clarified  that the breach did not compromise any CalPERS systems, and that the stolen data was encrypted before being sent to the vendor. Which really doesn't help much since the data was decrypted on the PBI systems.

In response to the incident, impacted retirees and their beneficiaries will receive two years of credit monitoring and will be provided with additional measures to safeguard their information.

CalPERS statedthat PBI has notified federal law enforcement about the breach and has taken steps to address the vulnerability while implementing enhanced security measures.