A Combined 1.2 Million CalPERS and CalSTRS Members’ Data Exposed in Vendor Software Breach

    A Combined 1.2 Million CalPERS and CalSTRS Members' Data Exposed in Vendor Software Breach

    Two of California’s most significant pension funds, CalPERS (California Public Employees’ Retirement System) and CalSTRS (California State Teachers Retirement System) suffered a significant data breach that exposed the personal information of their retired individual and beneficiary members.

    PBI Data Breach

    The breach stemmed from an exploited critical vulnerability in a contractor’s cybersecurity system. Specifically, the compromised software involved in the breach is known as the MOVEit Transfer Application, which was used by their third-party vendor PBI Research Services/Berwyn Group. They use PBI’s services to ensure accurate payments to retirees and beneficiaries and sent data in a secure, encrypted format.

    Who Was Affected and What Was Compromised?

    Approximately 1.2 million CalPERS and CalSTRS members (retirees and beneficiaries) were affected by the breach, making this a significant incident with far-reaching consequences. Compromised data includes:

    • First and last names
    • Social Security numbers
    • Dates of birth
    • Zip codes
    • Potentially, information about former or current employers, spouses, domestic partners, and children

    What to Do if You’re Affected by a Data Breach?

    In the unfortunate event that you find yourself affected by a data breach, it’s crucial to take immediate steps to protect yourself and minimize potential harm:

    • Monitor Financial Accounts: Regularly review your bank, credit card, and financial statements for any suspicious or unauthorized transactions. If you notice any inconsistencies, please contact your financial institution right away.
    • Change Passwords: If any online accounts use the same password as the compromised one, change them immediately. Use strong, unique passwords for each online account.
    • Credit Monitoring: Take advantage of any credit monitoring services offered by the affected organization. In this case, both CalPERS and CalSTRS are providing affected individuals with two years of complimentary credit monitoring and identity restoration services through Experian.
    • Set Up Fraud Alerts: Consider placing a fraud alert or security freeze on your credit report with the major credit bureaus, Equifax, Experian, and TransUnion. This can help prevent unauthorized accounts from being opened in your name.

    Protecting Your Identity and Personal Info 

    Compromised personal data can have serious consequences, including identity theft and financial fraud. We would encourage readers to head over to our FREE ID Protection tool, which has been designed to meet these challenges.  

    With ID Protection, you can: 

    • Check to see if your data (email address and phone number) has been exposed in a leak, or is up for grabs on the dark web.
    • Secure your social media accounts with our Social Media Account Monitoring tool, with which you’ll receive a personalized report.
    • Receive the strongest tough-to-hack password suggestions.
    • Enjoy a safer browsing experience, as Trend Micro checks websites and prevents trackers. 

    All this for free — why not give it a go today? As always, we hope this article has been an interesting and/or useful read. If so, please do SHARE it with family and friends to help keep the online community secure and informed — and consider leaving a like or comment below.

    Post a comment

    Your email address won't be shown publicly.


      This website uses cookies for website functionality, traffic analytics, personalization, social media functionality and advertising. Our Cookie Notice provides more information and explains how to amend your cookie settings.