More than 100 retiree accounts at the $31 billion Iowa Public Employees' Retirement System, Des Moines, were compromised, said Judy Akre, spokeswoman for the pension fund, in an email.
According to a statement from the pension fund last week, "criminals using stolen Social Security numbers and birth dates registered for IPERS online account access where they changed direct deposit information and redirected the benefit payments to a different financial institution." An accompanying fact sheet said only accounts that did not have previously established usernames and passwords for retirees' online access were involved.
The Oct. 18 breach, which IPERS learned about on Oct. 31, affected hundreds of thousands of dollars in benefit payments for about 103 retirees.
According to the fact sheet, it has not been determined where the thieves obtained retirees' Social Security numbers and birth dates. It is not believed that IPERS' computer system was hacked, Ms. Akre wrote.
Monthly benefit payments for the 103 retirees have already been reissued to the correct financial institutions, and the FBI has been contacted, the pension fund added in the statement. Online account access for the affected retirees remains suspended. The Iowa Division of Criminal Investigation was also initially contacted, but the division referred the pension fund to the FBI, a spokesman for the division said.
"The FBI is aware of the situation and we are in communication with local authorities," said Huston Pullen, spokesman for the FBI's field office in Omaha, Nebraska, in an email. "Due to the fluidity of this situation we are not in a position to comment any further at this time. If and when we are able to provide more information on this situation, we will do so."
IPERS has 115,000 retirees in total. The average retiree benefit is $20,000 per year.