Connect with us

Technology

2.5M Genworth policyholders and 769K retired California workers and beneficiaries affected by hack

[ad_1]

SACRAMENTO, Calif. (AP) — The country’s largest public pension fund says the personal information of about 769,000 retired California employees and other beneficiaries — including Social Security numbers — was among data stolen by Russian cybercriminals in the breach of a popular file-transfer application.

It blamed the breach on a third-party vendor that verifies deaths. The same vendor, PBI Research Services/Berwyn Group, also lost the personal data of at least 2.5 million Genworth Financial policyholders, including Social Security numbers, to the same criminal gang, according to the Fortune 500 insurer.

The California Public Employees Retirement system said they were offering affected members two years of free credit monitoring. Genworth said in a statement posted online it would offer credit monitoring and ID theft protection.

The U.S. is imposing sanctions on four firms and one individual connected to the Wagner Group. The Russian mercenary group led a brief revolt against the Kremlin last week.

A hiring sign is displayed at a restaurant in Buffalo Grove, Ill., Wednesday, May 10, 2023. On Wednesday, the Labor Department reports on job openings and labor turnover for April. (AP Photo/Nam Y. Huh)

Workers in the fields of computer science, real estate, finance and insurance experienced the greatest bumps in working from home during the first years of the pandemic, while it barely budged for laborers in occupations like stockers, truck operators and order fillers.

Tim Sheehy, founder of Bridger Aerospace and Ascent Vision, pauses during a tour of the company’s facility on Friday, Aug. 30, 2022 in Belgrade, Mont. Sheehy announced Tuesday, June 27, 2023, that he’ll seek the 2024 GOP nomination to challenge Montana Democratic U.S. Sen. Jon Tester. (Rachel Leathe/Bozeman Daily Chronicle via AP)

Former U.S. Navy SEAL Tim Sheehy says he will seek the 2024 Republican nomination to challenge Montana U.S. Sen.

FILE - A sheet of uncut $100 bills is inspected during the printing process at the Bureau of Engraving and Printing Western Currency Facility in Fort Worth, Texas, on Sept. 24, 2013. More than $200 billion may have been stolen from two large pandemic-relief initiatives, according to a new estimates from a federal watchdog investigating federally funded programs designed to help small businesses survive the worst public health crisis in more than a hundred years. (AP Photo/LM Otero, File)

More than $200 billion may have been stolen from two large COVID-19 relief initiatives. That’s according to new estimates from a federal watchdog investigating federally funded programs designed to help small businesses survive the worst public health crisis in more than a hundred years.

The breach of the MOVEit file-transfer program, discovered last month, is estimated by cybersecurity experts to have compromised hundreds of organizations globally. Confirmed victims include the U.S. Department of Energy and several other federal agencies, more than 9 million motorists in Oregon and Louisiana, Johns Hopkins University, Ernst & Young, the BBC and British Airways.

The criminal gang behind the hack, known as Cl0p, is extorting victims, threatening to dump their data online if they don’t pay up.

Genworth disclosed the hack Thursday of the MOVEit instance managed by PBI Research in a filing with the Securities and Exchange Commission.

Minnesota-based PBI Research did not immediately return a phone message seeking details on which of its other customers may have been affected. The company’s website lists the Nevada, New Jersey and Tennessee public pension funds as among customers of its mortality verification service.

“This external breach of information is inexcusable,” CalPERS CEO Marcie Frost said in a news release. “Our members deserve better. As soon as we learned about what happened, we took fast action to protect our members’ financial interests, as well as steps to ensure long-term protections.”

CalPERS had more than $442 billion in assets as of Dec. 31 and about 1.5 million members.

Security experts say such so-called supply-chain hacks expose an uncomfortable truth about the software organizations use: Network security is only as strong as the weakest digital link in the ecosystem.

The stolen data included names, birth dates and Social Security numbers — and might also include names of spouses or domestic partners and children, officials said. CalPERS planned to send letters Thursday to those affected by the breach.

CalPERS said PBI notified it of the breach on June 6, the same day cybersecurity firms began to issue reports on the breach of MOVEit, whose maker, Ipswitch, is owned by Progress Software.

PBI reported the breach to federal law enforcement, and CalPERS placed “additional safeguards” to protect the information of retirees who use the member benefits website and visit a regional office, officials said. The agency did not elaborate on those safeguards, citing security reasons.

___

This story has been corrected to reflect that Genworth disclosed the hack on Thursday, not June 16.

___

Bajak reported from Boston.

___

Sophie Austin is a corps member for the Associated Press/Report for America Statehouse News Initiative. Report for America is a nonprofit national service program that places journalists in local newsrooms to report on undercovered issues. Follow Austin on Twitter: @sophieadanna

[ad_2]

Source link

Related Topics: