CalSTRS Retirement System reports MOVEit vulnerability related Data Breach

CalSTRS, the California State Teachers Retirement System, reports a data breach, after discovering that confidential member information was leaked in a third-party data breach involving software used by PBI Research Services.

This breach specifically involved PBI Research Services, a company utilized by CalSTRS to prevent payments from being issued after a member's death. It is believed that the breach involved the MOVEit file transfer tool, developed by Progress Software, LLC, which was used by CalSTRS and PBI to transmit files containing member information.

PBI notified CalSTRS about a vulnerability in the software that hackers exploited to gain unauthorized access to the transmitted information between the two entities.

In response to the breach, CalSTRS requested a list of compromised files from PBI and initiated an investigation to assess the nature and extent of the incident, as well as to determine if any confidential member information had been leaked. The investigation confirmed that although the hackers did not access CalSTRS systems directly, they were able to obtain confidential information belonging to certain members.

The breached information varies depending on the individual but may include:

• name,
• Social Security number,
• date of birth,
• zip code.

It's not clear how many individuals are affected by this breach.

To address the breach, CalSTRS promptly sent out data breach letters on June 26, 2023, to all individuals whose information was compromised in the recent security incident.