Stay up to date with notifications from TheĀ Independent

Notifications can be managed in browser preferences.

Personal data of more than 700,000 retired California workers and beneficiaries have been stolen

California officials are notifying state retirees and other beneficiaries whose personal information has been stolen

Sophie Austin
Thursday 22 June 2023 16:12 EDT
California Data Breach
California Data Breach (Copyright 2022 The Associated Press. All rights reserved)

Your support helps us to tell the story

From reproductive rights to climate change to Big Tech, The Independent is on the ground when the story is developing. Whether it's investigating the financials of Elon Musk's pro-Trump PAC or producing our latest documentary, 'The A Word', which shines a light on the American women fighting for reproductive rights, we know how important it is to parse out the facts from the messaging.

At such a critical moment in US history, we need reporters on the ground. Your donation allows us to keep sending journalists to speak to both sides of the story.

The Independent is trusted by Americans across the entire political spectrum. And unlike many other quality news outlets, we choose not to lock Americans out of our reporting and analysis with paywalls. We believe quality journalism should be available to everyone, paid for by those who can afford it.

Your support makes all the difference.

California pension officials say personal information of about 769,000 retired state employees and other beneficiaries ā€” including Social Security numbers ā€” was among data stolen by Russian cybercriminals in the breach of a popular file-transfer application.

They said they were offering impacted members two years of free credit monitoring.

The breach of the MOVEit program, discovered last month, is estimated by cybersecurity experts to have compromised hundreds of organizations globally. Confirmed victims include the U.S. Department of Energy and several other federal agencies, more than 9 million motorists in Oregon and Louisiana, Johns Hopkins University, Ernst & Young, the BBC and British Airways.

The criminal gang behind the hack, known as Cl0p, is extorting victims, threatening to dump their data online if they don't pay up.

The California Public Employees' Retirement System said in a statement that a third-party vendor was breached that used MOVEit to help inform it of member deaths and validate payment eligibility.

ā€œThis external breach of information is inexcusable,ā€ CalPERS CEO Marcie Frost was quoted as saying. ā€œOur members deserve better. As soon as we learned about what happened, we took fast action to protect our membersā€™ financial interests, as well as steps to ensure long-term protections.ā€

Security experts say such so-called supply-chain hacks expose an uncomfortable truth about the software organizations: Network security is only as strong as the weakest digital link in the ecosystem.

The stolen data included names, birth dates and Social Security numbers ā€” and might also include names of spouses or domestic partners and children, officials said. It identified the vendor as PBI Research Services/Berwyn Group. CalPERS planned to send letters Thursday to those affected by the breach.

CalPERS said PBI notified it of the breach on June 6, the same day cybersecurity firms began to issue reports on the breach of MOVEit, whose maker Ipswitch is owned by Progress Software.

PBI reported the breach to federal law enforcement, and CalPERS placed ā€œadditional safeguardsā€ to protect the information of retirees who use the member benefits website and visit a regional office, officials said.

___

AP Technology Writer Frank Bajak contributed from Boston.

___

Sophie Austin is a corps member for the Associated Press/Report for America Statehouse News Initiative. Report for America is a nonprofit national service program that places journalists in local newsrooms to report on undercovered issues. Follow Austin on Twitter: @sophieadanna

Thank you for registering

Please refresh the page or navigate to another page on the site to be automatically logged inPlease refresh your browser to be logged in