San Francisco City & County Employees' Retirement System suffered a data breach on a computer server that might affect data from about 74,000 SFERS participant accounts.
The $25.7 billion pension fund in a June 1 notice of data breach on its website disclosed that a computer server that included a database with information on member accounts was accessed by an outside party Feb. 24.
A vendor for the retirement system that was responsible for the server, 10up Inc., discovered the breach March 21, shut down the server and began an investigation that found no evidence that any information was removed from the server, the notice said.
The vendor notified SFERS of the breach March 26 and both the retirement system and 10up will "continue to investigate the potential exposure of data."
Social security numbers and bank account data were not included in the file that was breached, the notice said. The file included information on members as of Aug. 29, 2018, relating to date of birth, home address, beneficiary information and SFERS website username, and security questions and answers. SFERS has implemented a password reset for affected members, the notice said.
Darlene Armanino, board secretary, could not be immediately reached for comment.
