State treasurer alerts retirees of breach in vendor data security

Published 1:48 pm Thursday, June 29, 2023

The Tennessee Consolidated Retirement System (TCRS) is sending notices to retirees and their beneficiaries that their personal information was included in a data security breach experienced by MOVEit Transfer, a file transfer software utilized by Pension Benefits Information (PBI), a vendor that TCRS contracts for services.
Pension Benefits Information (PBI), a national company that audits address and death records, is used by thousands of companies. TCRS uses PBI to verify retiree information to prevent overpayments. Retiree personal information that TCRS submitted to PBI, utilizing MOVEit Transfer, was accessed by unauthorized third parties through a breach. Since first notified of the incident, TCRS has worked with PBI to confirm which files may have been accessed and what resources will be offered to impacted parties.
On June 26, PBI confirmed to TCRS that files containing the personal information of 171,836 retired members and their beneficiaries were accessed as part of this breach. This information included name, social security number, date of birth, and mailing address. No banking or payment information was included in the files accessed and no information for active members of the retirement plan was included in this data breach. TCRS began issuing notification directly to impacted parties on Wednesday, June 28.
TCRS has verified that the data breach was contained to the information provided to PBI via MOVEit Transfer and had no impact on internal systems. The retirement system has been closely monitoring their online systems for suspicious activity and will notify credit agencies that members’ information was accessed. TCRS is also working with State and Federal law enforcement to ensure all efforts are made to protect members’ information.
“We understand the impact this unfortunate event may have on our members,” said Tennessee State Treasurer David H. Lillard, Jr., who serves as Chair of the TCRS Board of Trustees. “We began sending notifications as soon as we confirmed who had been impacted and what data was accessed. We want our members to take actions along with our efforts to minimize potential harm.”
PBI will offer retired members access to credit monitoring and identity restoration services provided by Kroll. These services include fraud consultation and identity theft restoration services and will be provided to members at no cost. Kroll will be establishing a hotline number for all retirees and beneficiaries whose data was accessed as part of this cyber security breach. PBI will send the information on how to use these services directly to impacted parties.
TCRS will continue to share information related to this data security incident online at > For Retirees.