CalPERS might sue the service provider involved in a recent third-party cyber breach — PBI Research Services/Berwyn Group — that is affecting 769,000 retirees, said Marcie Frost CEO of the $468.3 billion pension fund at a board meeting Monday.
California Public Employees' Retirement System, Sacramento, hired PBI Research Services/Berwyn in February 2022 to confirm participants' deaths to ensure proper payment and guard against overpayment, Ms. Frost said. CalPERS hired the firm after an audit revealed that the pension fund lost money from benefit overpayment because the Social Security Administration no longer notifies public pension funds when a retiree dies, she said.
CalPERS placed an encrypted data file "in the hands of the vendor that we had a … very strong contract with," Ms. Frost said. She added that she could not provide more details because "there could be pending litigation." Ms. Frost said the board would be getting updates about potential litigation "very soon."
PBI Research Services/Berwyn Group could not be immediately reached for comment.
CalPERS revealed the third-party cyber breach in June. CalPERS was one of nearly 300 organizations that were affected by the cyber breach, Ms. Frost said Monday. A number of retirees and participants, spoke during public comment period about their dismay that their personal information, some of which cannot be changed such as their birth dates and Social Security numbers, could be now circulating on the dark web.
Impacted retirees and their beneficiaries were offered two years of credit monitoring by Experian as well as information on additional steps they can take to protect their information. So far, 122,000 CalPERS retirees have signed up with Experian, Ms. Frost said. Some speakers Monday asked that CalPERS provide three years of credit monitoring.
"This information is out there forever," said Margaret Brown, former CalPERS board member and an active CalPERS participant, speaking Monday. "Two years is not enough time."