Pension Benefit Information Data Breach

What Happened?

On or around May 31, 2023, Progress Software, the provider of MOVEit Transfer software, disclosed a vulnerability in their software that had been exploited by an unauthorized third party. This software is used by Pension Benefit Information, LLC (PBI), a service provider that conducts audit and address research for various organizations, including the I.A.T.S.E. Staff Retirement and National Pension Funds. The unauthorized access occurred specifically on May 29 and May 30, 2023, when the third party accessed and downloaded data from one of PBI's MOVEit Transfer servers.

What Information Was Involved?

The investigation by PBI confirmed that certain personal information was involved in this breach. Specifically, the data included names and other sensitive data elements associated with individuals linked to the I.A.T.S.E. Staff Retirement and National Pension Funds. While there has been no indication of identity theft or fraud stemming from this incident, the breach has raised understandable concerns among affected individuals.

PBI's Response

In response to the discovery of this breach, PBI took steps to secure their systems. This included patching the servers to close the vulnerability exploited in the attack. Additionally, PBI has initiated a thorough review and enhancement of their information security policies and procedures to prevent similar incidents in the future.

To further assist those potentially affected, PBI is offering 12 months of complimentary credit monitoring and identity restoration services through Kroll, a leader in risk mitigation. These services are designed to help detect and resolve any issues arising from the breach. Affected individuals can enroll in these services by visiting Kroll's enrollment page.

What You Can Do

It is recommended that all affected individuals remain vigilant by monitoring their account statements and credit reports for any unusual activity. You are entitled to a free credit report annually from each of the major credit reporting agencies—Equifax, Experian, and TransUnion. These can be requested through Annual Credit Report.

Additionally, you may consider placing a fraud alert or a credit freeze on your credit files. A fraud alert makes it harder for identity thieves to open accounts in your name, while a credit freeze restricts access to your credit report. Instructions for setting up these protections are available on the websites of the major credit reporting bureaus: Equifax, Experian, and TransUnion.

For More Information

If you have any further questions or need assistance, you can contact PBI's toll-free assistance line at (866) 676-3191, available Monday through Friday from 9:00 a.m. to 6:30 p.m. Eastern time, excluding U.S. holidays. More details about this incident and the response can be found in the official notice on the California Attorney General's website.

By taking these steps, you can help safeguard your personal information and respond effectively to any potential consequences of this data breach.