Tennessee Employees Lose Their Data to Consolidated Retirement System Breach
Table of Contents
- By Steven
- Aug 18, 2023
The Tennessee Consolidated Retirement System is a retirement and benefits program administered to many full-time employees throughout the state. If you are an employee within the state of Tennessee, there's a good chance that your data is tied up in this system and that you're relying on the program administrators to protect your personal and financial information. Unfortunately, the program suffered from a recent breach, and everyone involved may experience serious losses in the future because of their lost information.
How Did the Attack Occur?
The Tennessee Consolidated Retirement System program relies on a service known as Pension Benefits Information or PBI. This service provider has been exposed by a data attack on a file service it uses called MOVEit. Since PBI lost a substantial amount of data in the attack, programs like the Tennessee Consolidated Retirement System were impacted and a significant amount of personal data was lost. A large number of Tennessee natives are likely to be impacted by this breach, and they will receive letters explaining what happened in detail.
What Information Was Viewed or Stolen?
Because of this data breach, the names, Social Security numbers, home addresses, and birth dates of the individuals involved were exposed to hackers. The data will likely be released on the internet or misused in some other way, but we have no way of knowing what will happen to the information.
How Did the Tennessee Consolidated Retirement System Admit to the Breach?
The Tennessee Consolidated Retirement System team is sending out notices to everyone marked as having data involved with this data breach. Anyone designated as being affected by the breach will receive a notice explaining the situation to them. If you get any type of notice regarding this breach, you should take immediate action to protect yourself.
What Will Become of the Stolen Information?
It's likely that the data these hackers take will be misused somehow. The hackers are demanding ransoms to prevent any misuse of the stolen information, but it's unlikely that PBI will pay the ransom, meaning that the information will be used for profit in a different way instead. The most common scenarios are identity theft attacks, where fraudulent accounts are opened in your name without your knowledge, or the information is resold to a different group of hackers that misuse the data in similar ways. With so many potential issues originating from this attack, anyone involved should take steps to protect themselves.
What Should Affected Parties Do in the Aftermath of the Breach?
If you were affected by this data breach and you receive a notice, you should immediately react by checking your credit by getting credit reports from each of the major bureaus. You should also consider investing in identity theft protection services that will monitor your credit for any major changes and alert you so you have time to react to them appropriately. You can also put a freeze on your credit which stops attackers from being able to open any accounts and misuse your information in other ways.