Virginia Retirement System hack demands transparency and accountability – Daily Press

Through no fault of their own, thousands of Virginians are learning that their names, Social Security numbers, birthdates and partial addresses may have been exposed on the internet as part of a massive data breach affecting millions of Americans.

Most of those whose personal information may have been compromised are retired public employees who receive pension benefits through the Virginia Retirement System. VRS initially told Channel 8 News in Richmond that active members of the retirement system were not affected by the hack, but later backed away from that blanket statement. The hack compromised personal information of some survivors and beneficiaries of retirees, a group that includes some current teachers and other state employees. As many as 230,000 people may be affected.

Retirement systems in other states have also been targeted by the hackers, as have other public pension and private-sector retirement plans and state and federal agencies. California’s public employee retirement system, the largest in the nation, announced in June that hackers had stolen confidential data of about 769,000 retirees and beneficiaries.

How did this happen? After all, those in the commonwealth’s retirement system don’t have a choice about giving their personal information to VRS. Was VRS careless with the data in its files? The answer is complicated.

Like many other retirement systems, VRS contracts with a company called Pension Benefits Information to verify information about retirees and guard against overpayment. PBI, like many organizations around the world, uses the MOVEit Transfer software to share data, supposedly securely.

In May, a Russian ransomware group calling itself Clop apparently discovered a flaw in the MOVEit Transfer software and exploited it to gain access to a great deal of confidential personal information before the flaw was discovered and repaired.

Clop and similar cyber criminals steal data and then demand ransom in exchange for not making the information public. Clop wasn’t zeroing in on retired Virginia public employees, but all those whose personal details are now in the hands of unscrupulous crooks should be concerned.

It’s a fact of 21st century life:…