Jul 3, 2023

CalPERS Data Breach Exposes 769k Retirees and Beneficiaries' Social Security Numbers

On June 6, 2023, CalPERS received notice from its third-party vendor, PBI Research Services/Berwyn Group (PBI), that PBI had suffered a recent cybersecurity breach involving its MOVEit Transfer application, a program used by thousands worldwide. The California Public Employees' Retirement System, or CalPERS, is an agency in the California executive branch that manages the pension and health benefits for over 1.5 million of California’s public employees, retirees, and their family members.

CalPERS uses PBI's services to identify member deaths and ensure accuracy in its payments to retirees and beneficiaries. PBI also validates information on inactive members who may soon be eligible for benefits. CalPERS sent data to PBI in a secure, encrypted format. However, the security of that format came into question after the data breach impacted the personal information of approximately 769,000 members. CalPERS was slow to act at first, sending letters to the individuals whose personal information was affected only on June 22, 2023.

Those who received letters include retirees, spouses, or children of members who receive ongoing monthly benefit payments from CalPERS, as well as those inactive members who may soon be eligible to receive benefit payments. The company claims they waited before sending out a notice over the breach because they felt, at the time, PBI did not provide sufficient detail as to the scope of the data that was impacted and the individuals to which that data belonged.

The personal information downloaded in the breach included first and last names, dates of birth, and Social Security numbers. The company also believes the breach could have included the names of members' former or current employers, their spouses or domestic partners, or their children. The information taken from the database involves anyone who received an ongoing monthly benefit payment as of this spring. In more recent updates, PBI has reported the matter to federal law enforcement and has informed CalPERS that it has resolved the vulnerability issues. CalPERS has also created additional security measures to prevent this from happening again.

CalPERS Offers Their Clients Added Security

"This external breach of information is inexcusable," said CalPERS Chief Executive Officer Marcie Frost in a statement to its members. "Our members deserve better. As soon as we learned about what happened, we took fast action to protect our members' financial interests, as well as steps to ensure long-term protections." And indeed, they did. Once the information was confirmed, CalPERS claims it took immediate steps to enhance the security of its members' benefits. The changes included creating new protocols on the member benefits website, myCalPERS, as well as other safeguards for those members who use CalPERS’s call center or who visit its regional office. 

CalPERS claimed it will continue to thoroughly vet the security procedures of vendors that receive its members' information. The company is also offering all of those who were impacted by the breach two years of complimentary credit monitoring and identity restoration services through Experian. Members and their families should have received or will soon receive a letter in the mail detailing the services provided and how they can enroll. If you are a CalPERS member, have not received a letter by June 30, and believe your personal information was impacted, CalPERS urges you to call Experian at 833-919-4735. Members who call in should have the engagement number "B097509" ready.

What More Can CalPERS Members Do to Protect Themselves?

As mentioned on the CalPERS Frequently Asked Questions page, beyond the services the company provides to secure its members' identities, it asks customers to keep a watchful eye on their personal information to ensure it has not been compromised in any way. CalPERS also said that its clients do not need to worry about whether their bank accounts or monthly pension payments will come through, as its systems were not directly affected by this data breach.

When data breaches happen, they can severely impact the lives of thousands. With your information stolen from those promising to keep it safe and secure, it can leave you feeling exposed, scared, and unsure of what the future holds for you or those who depend on you. If you or a loved one believe your information may have been leaked due to the CalPERS data breach, we may be able to help you. You can learn more about this case by speaking to an experienced data breach attorney. 

Connect with a Morgan & Morgan data breach attorney by completing our free, no-obligation case evaluation form today.