Thousands of Tennessee retirees are the latest to have gotten their personal information hacked.
The Tennessee Consolidated Retirement System (TCRS) notified close to 172,000 Tennessee retirees and beneficiaries on June 28 of a security breach that included names, Social Security numbers, dates of birth and mailing addresses. No banking information, payment information, or information on active members in the retirement plan were accessed in the breach, TCRS said in a release. TCRS also noted that its internal systems were not harmed by the cyberattack.
According to TCRS, the data breach was caused by MOVEit Transfer, a file transfer software utilized by Pension Benefits Information (PBI), or PBI Research Services, who TCRS uses as a vendor. TCRS says it contracts PBI to verify retiree information to prevent overpayments.
The MOVEit software is generally utilized to securely transfer files. PBI notified TCRS of the breach on June 26.
“We understand the impact this unfortunate event may have on our members,” said Tennessee State Treasurer David H. Lillard, Jr., who also serves as chair of the TCRS Board of Trustees, in a statement. “We began sending notifications as soon as we confirmed who had been impacted and what data was accessed. We want our members to take actions along with our efforts to minimize potential harm.”
TCRS says it has been closely monitoring their online systems for suspicious activity and will notify credit agencies of the breach. The retirement system is also currently working with state and federal law enforcement.
PBI will offer retired members access to credit monitoring and identity restoration services provided by Kroll at no cost, including fraud consultation and identity theft restoration services. Kroll will also be establishing a hotline number for all retirees and beneficiaries whose data was accessed as part of the breach. Those impacted will receive information from PBI by July 15 on how to utilize the services.
The breach is the latest state-wide cyberattack on retirees, and the second from PBI. Last month, the California Public Employees’ Retirement System (CalPERS)—also regarded as the country’s largest defined benefit (DB) public pension plan—was hit with a hack that exposed names, birthdates, and Social Security numbers of 769,000 retirees.
CalPERS had also utilized PBI’s MOVEit file-transfer service. PBI noted that it had found a vulnerability in the service, created by Progress Software, that allowed hackers to download confidential member data, and had resolved the vulnerability while adding additional security measures.
SEE ALSO: