T. Rowe Price Retirement Plan Services reports Customers impacted by MOVEit breach

T. Rowe Price Retirement Plan Services, Inc. (TRP) reported a data breach after discovering that hackers breached a MOVEit server owned by Pension Benefit Information, LLC (PBI), a third-party vendor of TRP.

The data breach was caused by a critical vulnerability in the MOVEit software used by PBI. This vulnerability, confirmed by the software developer on May 31, 2023, allowed unauthorized parties to access MOVEit servers used by companies utilizing the program. PBI's MOVEit server was one of the affected servers.

PBI identified the affected individuals and the compromised information and informed T. Rowe Price Retirement Plan Services on July 14, 2023.

Following the incident, T. Rowe Price Retirement Plan Services sent out data breach letters to all impacted individuals on July 27, 2023. The letters provided victims with a list of the compromised information related to them.

No details are provided as to the number of affected individuals nor data exposed in the breach.