The MOVEit file transfer tool vulnerability has impacted California’s Public Employees’ Retirement System (CalPERS), the largest public pension fund in the U.S. CalPERS was notified by third-party vendor PBI Research Services/Berwyn Group on June 6 about data being accessed by hackers through the MOVEit tool. Personal information accessed includes first and last names, date of birth, and Social Security numbers. The incident affects retirees from the state, public agencies, school districts, and retirees of the Judges’ Retirement System and Legislators’ Retirement System. CalPERS has initiated new protocols and a call center for victims, and is offering two years of free credit monitoring and identity restoration services.
The MOVEit breach has also affected two of the largest accounting firms globally, PricewaterhouseCoopers (PwC) and EY, as confirmed by both companies. PwC used MOVEit with a limited number of client engagements and ceased using it upon learning about the vulnerabilities. PwC stated that its IT network has not been compromised and that it is reaching out to the small number of clients impacted. EY, which reported $45 billion in revenue in 2022, initiated an investigation into the breach after the MOVEit vulnerability was announced on May 31. EY mentioned that the vast majority of its systems globally using the transfer service were not compromised and that it is thoroughly investigating systems where data may have been accessed.
The CalPERS breach highlights the widespread impact of the MOVEit vulnerability, affecting organizations handling sensitive data, including major accounting firms. The incident underscores the need for organizations to promptly address software vulnerabilities and adopt robust cybersecurity measures to safeguard sensitive information.