LACERA Protecting Members in Wake of Third-Party Data Breach
PASADENA, Calif., Jan. 05, 2024 (GLOBE NEWSWIRE) -- The Los Angeles County Employees Retirement Association is in the process of alerting its potentially impacted members, staff members, and business partners about a data breach involving State Street Bank—its custodian banking partner since 2013—and State Street Bank’s third-party vendor Fiserv, which provides physical check deposit clearing and processing services.LACERA’s information systems remain uncompromised amid the recent data breach. Of LACERA’s over 190,000 members, the breach was limited to approximately 2,400 retired members, survivors, beneficiaries, and legal-split payees who receive their benefits by check. It is crucial to note that the majority of retired members who receive payments through direct deposit remain unaffected. Additionally, separate notices will be sent to approximately 200 other payees, such as vendors, employees, and business partners, ensuring clear communication and transparency in addressing the incident.
*Incident Details, Impacts, and Action Steps*
Fiserv notified State Street on October 16, 2023, that it had identified check information exposures through its transfer application, MOVEit. The MOVEit application breach occurred in May 2023 and has had a financial industry-wide impact that continues to reverberate to this day. Upon discovery of the breach, Fiserv took immediate steps to implement software updates designed to close any vulnerabilities.
Upon notification, State Street Bank immediately began an internal investigation to determine which of its clients had been impacted. On October 27, 2023, State Street notified LACERA of the incident, but it was unable at that time to provide specific information about those affected. In December 2023 State Street provided LACERA with details about which members and what information had been compromised, thereby enabling LACERA to formulate a plan to notify affected members and other payees.
LACERA is currently reaching out to its affected members, arranging for them to elect free Kroll credit and identity theft monitoring and restoration services for two years, and informing them of further steps they can take to protect themselves against fraud and identity theft. In addition, State Street Bank is keeping LACERA informed about the steps being taken by Fiserv above and beyond the ongoing monitoring and patching of vulnerabilities to prevent a repeat of future incidents.
“LACERA takes the security of our member’s data very seriously as part of our mission to protect their benefits,” said LACERA Chief Executive Officer Santos H. Kreimann regarding the incident. “We are committed to providing our members with all the support and resources they need to ensure their financial security in the wake of this breach. In addition, we are holding our vendors accountable as they work to identify any other potential weaknesses and put additional security measures in place. Our members deserve and expect the highest data security and system protections from outside business vendors and service providers.”
*About LACERA
*LACERA is a public retirement plan created and operating under the County Employees Retirement Law of 1937 (CERL) and is subject to the California Constitution, CERL, and the Public Employees’ Pensions Reform Act of 2013 (PEPRA). Two boards govern LACERA. Both boards are composed of elected and appointed members and one ex-officio member. The Board of Retirement is responsible for the overall management of the retirement system and the LACERA-administered Retiree Healthcare Benefits Program. The Board of Investments is responsible for establishing LACERA’s investment policies, strategies, and objectives, and exercising authority and control over the fund’s investment management and actuarial matters relating to setting contributions and estimating fund liabilities.
CONTACT: Media Contact: Eric W. Rose, eric@ekapr.com or 213-741-1500 ext. 525