Pages

Friday, July 21, 2023

Cyber Insecurity - Part 4 (CalPERS releases some info)

As prior posts have noted, UCLA was subject to a data breach that has affected many other organizations. (The list keeps growing.) CalPERS is among those organizations. And now - under pressure to do so - it is releasing more information about those whose information was lost. From the Sacramento Bee we learn that those affected by the CalPERS breach are not satisfied with what they have learned. However, they seem to have more resources and information available to them - thanks to political pressure - than has occurred at UCLA:

The California Public Employee and Retirement System launched its three-day offsite meeting in Monterey with a long-awaited update on a June data breach that exposed Social Security numbers, birth dates and other personal information on nearly 1.2 million retirees and other beneficiaries. The update follows a call from California State Treasurer Fiona Ma, who sits on both the CalPERS and CalSTRS boards, for the nation’s two largest public pension funds to hold special meetings and provide members with an update on the organization’s response to the breach. 

“We know what an unsettling experience this has been for our retirees,” said CalPERS CEO Marcie Frost less than five minutes after the board convened at 9 a.m. “So, I want to address what we’re doing to make the recovery process as smooth as possible for them.” The third-party vendor that was hacked, PBI Research/Berwyn Group, works with CalPERS and the California State Teachers’ Retirement System to identify any members who have died, which helps the agencies prevent overpayments or other errors. 

CalPERS said that PBI was using a data transfer application called MoveIt Transfer, made by Progress Software, that organizations around the nation use to share data securely. The application boasts encryption, tracking and access controls for secure collaboration and automated transfers. In the Monday update, Frost said CalPERS has received nearly 4,000 calls about the breach at its own customer contact center. The average wait time is one minute, she said. Retirees can also send in questions to the email address pbiquestions@calpers.ca.gov, which Frost said is monitored by CalPERS managerial staff. The average wait time for an email response is less than 24 hours, she said. The pension fund also established a special call center with Experian, which has fielded nearly 34,000 calls. Callers were experiencing “alarming” wait times, Frost said, so last weekend the call center added 50 more representatives to help bring wait times back down to one to two minutes. 

So far, about 122,000 CalPERS retirees have signed up for two years of free credit monitoring and identity restoration services through Experian. Frost said this represents a higher-than-expected response, according to Experian, when compared to other companies that it’s worked with following data breaches. (Frost noted that these companies were largely private employers, rather than public pension funds.) 

Frost suggested members could find answers to their questions at calpers.ca.gov/page/home/pbi. She encouraged people who need more help to send an email to pbiquestions@calpers.ca.gov or contact the CalPERS call center at (833)-919-4735. The hours are 6 a.m. to 8 p.m. on weekdays and 8 a.m. to 5 p.m. on weekends. “We realize how sensitive this situation is,” Frost said, “and again, we want to reassure our retirees that we’ll do everything possible to help them through the situation.” 

RETIREES SAY CALPERS ISN’T DOING ENOUGH 

Devara “Dev” Berger, a retiree who used to work for CalPERS overseeing health legislation, didn’t know that the board would provide an update at its offsite meeting. When she looked at the agenda, she saw no indication that the board would discuss the breach or take public comments from members. “CalPERS is foisting the majority of action about the breach onto us,” Berger said. “That is what infuriates us. That shows a complete lack of integrity and leadership.” Berger is upset that the pension fund’s board hasn’t heeded the state treasurer’s request to host a public hearing or town hall where members can directly engage with board members. “I’m not buying into it,” Berger said. “I’m not buying into CalPERS telling me ‘c’est la vie.’”

Source: https://www.sacbee.com/news/politics-government/the-state-worker/article277400423.html.

No comments: