Georgia teacher pension vendor’s data is hacked
A cyberattack on organizations and government agencies first reported in June included a data breach at a vendor for the retirement system that provides pensions to tens of thousands of retired Georgia teachers and university personnel.
The Georgia Teachers Retirement System sent out a notification noting that a TRS vendor the system uses to prevent benefit overpayments — PBI Research Services/ Berwyn Group — was part of a widely reported hack connected to a filetransfer program called MOVEit.
Federal officials in June said a security hole was exploited by a Russianspeaking ransomware gang called Clop, which Politico reported has used openings to steal data from dozens of organizations across the globe and demand ransom payments.
The Atlanta JournalConstitution reported two months ago that the cybercriminals likely had “unauthorized access” to information stored on MOVEit Secure File Transfer and Automation software by the University System of Georgia. The AJC reported Fayette County’s fire and emergency services may have been exposed as well.
The teacher pension system breach potentially impacts those who were paid benefits between March 1 and May 26 and beneficiaries, according to the TRS.
Last year, the TRS paid out $5.6 billion in benefits to retirees and beneficiaries in the program. About 500,000 Georgia teachers, school and university employees, retirees and their beneficiaries are part of the system. In the cyberattack, the TRS said data for 261,697 retirees and beneficiaries may have been impacted.
According to the notification from Buster Evans, executive director of the TRS, personal information that was affected by the breach may include retirees’ first and last names, dates of birth, addresses and Social Security numbers. “Every individual did not have all of these identifiers compromised,” Evans wrote.
Evans said PBI is sending out letters to those potentially impacted. The company is setting up a call center and website portal for members and is offering — through the monitoring company Kroll — free credit monitoring and identity restoration services that will be detailed in the letter.
Evans told members they can protect themselves by placing a freeze and/or fraud alert on their credit report, review their credit reports and add twofactor authentication to online accounts.
“We understand that this news may be concerning, and we want to assure you that we are taking this matter very seriously,” he wrote. “It is of the utmost importance to us to provide retirement benefits in a safe and efficient manner, and we are taking additional steps with our vendor to ensure your data is protected.”
The nation’s largest public pension fund — the California Public Employees Retirement System — announced in June that the Russian cybercriminals stole the personal information of about 769,000 retired California employees. It said PBI Research Services/Berwyn Group notified it of the breach on June 6.
In an interview, Evans told the AJC the company notified the TRS in June that it may have been a victim of the breach, but it didn’t confirm a list of those who may be affected until July.