The Target: California’s Public Employees' Retirement System, the largest public pension fund in the U.S., managing more than $477 billion in assets for over 1.5 million public employees, retirees, and their families in California.
The Take: First and last names; dates of birth; and social security numbers. It could have also included the names of former or current employers, spouse or domestic partner, and child or children.
The Vector: The organization said that it was informed on June 6 by a third-party vendor – PBI Research Services/Berwyn Group – that data was accessed by hackers exploiting the MOVEit file transfer tool.
This breach serves as a reminder of the risks associated with third-party vendors and highlights the need for stringent security measures and oversight when handling sensitive customer information.