Massive Cyber Attack Affects Public Pension Fund and Genworth Financial

  • CalPERS and Genworth Financial have fallen victim to a cyber attack by the Cl0p criminal gang, compromising the personal data of nearly 769,000 retired California employees and 2.5 million Genworth policyholders through a third-party vendor, PBI Research Services.
  • Both CalPERS and Genworth are offering credit monitoring and ID theft protection to the affected individuals, as investigations continue into the breach that is part of a larger global attack impacting hundreds of organizations including government agencies and major corporations.

The California Public Employees Retirement System (CalPERS), the largest public pension fund in the US, has reported that the personal information of approximately 769,000 retired employees and beneficiaries was stolen in a large-scale cyber attack. The attack, attributed to a Russian criminal gang known as Cl0p, compromised data including Social Security numbers through a breach in the MOVEit file-transfer application.

CalPERS has pinpointed the breach to a third-party vendor, PBI Research Services/Berwyn Group, which is responsible for verifying deaths. In a startling revelation, it has emerged that the same vendor lost personal data of at least 2.5 million Genworth Financial policyholders, including their Social Security numbers.

CalPERS, which had over $442 billion in assets as of December 31, and about 1.5 million members, responded to the breach by offering the affected members two years of free credit monitoring. Genworth Financial also stated that it would offer credit monitoring and ID theft protection to its affected policyholders.

PBI Research Services, which is based in Minnesota, has not yet provided information on any additional customers that may have been impacted by the breach. It is noteworthy that PBI Research’s website lists public pension funds in Nevada, New Jersey, and Tennessee among its clientele.

Marcie Frost, CalPERS CEO, expressed outrage at the breach, stating, “This external breach of information is inexcusable. Our members deserve better.” CalPERS took immediate action to safeguard members’ financial interests and is implementing long-term protective measures.

Cybersecurity experts have estimated that the MOVEit breach has had a global impact, compromising hundreds of organizations. The list of confirmed victims is staggering, including the U.S. Department of Energy, several other federal agencies, more than 9 million motorists in Oregon and Louisiana, Johns Hopkins University, Ernst & Young, the BBC, and British Airways.

The Cl0p criminal gang has reportedly been extorting victims with threats of releasing their data online if they do not comply with ransom demands.

The breach highlights the vulnerability and risks associated with third-party vendors and the need for stringent security in the software supply chain. Experts assert that network security is contingent on the strength of every digital link in the system.

CalPERS reported that PBI notified them of the breach on June 6, which was the same day cybersecurity firms began issuing reports regarding the MOVEit breach. PBI has reported the incident to federal law enforcement, and CalPERS has implemented additional safeguards for the information of retirees who use their member benefits website or visit a regional office.