IE 11 Not Supported

For optimal browsing, we recommend Chrome, Firefox or Safari browsers.

MOVEit Hack Compromised Georgia Teachers' Pension Data

A vendor used by the Georgia Teachers Retirement System to prevent benefit overpayments was part of the widely reported MOVEit hack, potentially impacting those who were paid benefits between March 1 and May 26.

retirement+savings.jpg
(TNS) — A cyber attack on organizations and government agencies first reported in June included a data breach at a vendor for the retirement system that provides pensions to tens of thousands of retired Georgia teachers and university personnel.

The Georgia Teachers Retirement System sent out a notification noting that a TRS vendor the system uses to prevent benefit overpayments — PBI Research Services/Berwyn Group — was part of a widely reported hack connected to a file-transfer program called MOVEit.

Federal officials in June said a security hole was exploited by a Russian-speaking ransomware gang called Clop, which Politico reported has used openings to steal data from dozens of organizations across the globe and demand ransom payments.

The Atlanta Journal-Constitution reported two months ago that the cyber criminals likely had “unauthorized access” to information stored on MOVEit Secure File Transfer and Automation software by the University System of Georgia. The AJC reported Fayette County’s fire and emergency services may have been exposed as well.

The teacher pension system breach potentially impacts those who were paid benefits between March 1 and May 26 and beneficiaries, according to the TRS.

Last year, the TRS paid out $5.6 billion in benefits to retirees and beneficiaries in the program. About 500,000 Georgia teachers, school and university employees, retirees and their beneficiaries are part of the system. In the cyber attack, the TRS said data for 261,697 retirees and beneficiaries may have been impacted.

According to the notification from Buster Evans, executive director of the TRS, personal information that was affected by the breach may include retirees’ first and last names, dates of birth, addresses and Social Security numbers. “Every individual did not have all of these identifiers compromised,” Evans wrote.

Evans said PBI is sending out letters to those potentially impacted. The company is setting up a call center and website portal for members and is offering — through the monitoring company Kroll — free credit monitoring and identity restoration services that will be detailed in the letter.

Evans told members they can protect themselves by placing a freeze and/or fraud alert on their credit report, review their credit reports and add two-factor authentication to online accounts.

“We understand that this news may be concerning, and we want to assure you that we are taking this matter very seriously,” he wrote. “It is of the utmost importance to us to provide retirement benefits in a safe and efficient manner, and we are taking additional steps with our vendor to ensure your data is protected.”

The nation’s largest public pension fund — the California Public Employees Retirement System — announced in June that the Russian cyber criminals stole the personal information of about 769,000 retired California employees. It said PBI Research Services/Berwyn Group notified it of the breach on June 6.

In an interview, Evans told the AJC that the company notified the TRS in June that it may have been a victim of the breach, but it didn’t confirm a list of those who may be impacted until July.

“They have been very slow and it’s been very frustrating,” he said.

From a numerical standpoint, he said, the TRS was a small player in the massive cyber attack, which impacted millions of people across the globe. “It’s a mess,” Evans said.

©2023 The Atlanta Journal-Constitution. Distributed by Tribune Content Agency, LLC.