CalPERS Cybersecurity Breach Affects 769,000 Members

A major cybersecurity breach involves one of the world’s largest pension funds.

CalPERS announced last week that approximately 769,000 retired members and their families had personal information exposed in a “worldwide data security incident” that impacted one of its contracted third-party vendors, PBI Research Services/Berwyn Group (PBI).

PBI provides services to CalPERS to identify member deaths, ensure proper payments are made to retirees and beneficiaries, and prevent overpayments or other errors.

The pension fund said the cybersecurity breach did not impact information systems operated by CalPERS.

Affected retirees and beneficiaries are being notified by mail with information on how to take additional steps to protect their information. They are being offered free credit monitoring for two years. CalPERS is also providing information on its website and through its customer contact center.

PBI notified CalPERS that retired member files were impacted. Some of those are inactive members who may soon become eligible for benefits.

“This external breach of information is inexcusable,” CalPERS Chief Executive Officer Marcie Frost said in a statement. “Our members deserve better. As soon as we learned about what happened, we took fast action to protect our members’ financial interests, as well as steps to ensure long-term protections.”

PBI has reported the matter to federal law enforcement and told CalPERS it had resolved the vulnerability while adding additional security measures.

In response to this incident, CalPERS said it has taken “several additional and immediate actions to secure its members’ benefits. These include new protocols on the member benefits website, myCalPERS, as well as additional safeguards for those who use the member contact center and those who visit any CalPERS regional office.”

CalPERS also said that it would begin sending letters to every retiree or designated family member with impacted personal information. Those letters include detailed information, including free access to credit monitoring through Experian for two years.