The California Office of the Attorney General reported a data breach involving CalPERS on June 22, 2023. The breach occurred on May 29, 2023, and was due to a zero-day vulnerability in the MOVEit Transfer application used by the third-party vendor PBI Research Services, potentially exposing personal information of retirees, including names, dates of birth, and Social Security Numbers.
Source: https://oag.ca.gov/ecrime/databreach/reports/sb24-568347
TPRM report: https://www.rankiteo.com/company/calpers
"id": "cal335072825",
"linkid": "calpers",
"type": "Vulnerability",
"date": "5/2023",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'industry': 'Public Sector',
'location': 'California',
'name': 'CalPERS',
'type': 'Government Agency'}],
'attack_vector': 'Zero-day vulnerability',
'data_breach': {'personally_identifiable_information': ['Names',
'Dates of Birth',
'Social Security '
'Numbers'],
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Personal Information']},
'date_detected': '2023-05-29',
'date_publicly_disclosed': '2023-06-22',
'description': 'The California Office of the Attorney General reported a data '
'breach involving CalPERS on June 22, 2023. The breach '
'occurred on May 29, 2023, and was due to a zero-day '
'vulnerability in the MOVEit Transfer application used by the '
'third-party vendor PBI Research Services, potentially '
'exposing personal information of retirees, including names, '
'dates of birth, and Social Security Numbers.',
'impact': {'data_compromised': ['Names',
'Dates of Birth',
'Social Security Numbers']},
'references': [{'date_accessed': '2023-06-22',
'source': 'California Office of the Attorney General'}],
'title': 'CalPERS Data Breach',
'type': 'Data Breach',
'vulnerability_exploited': 'MOVEit Transfer application'}