The San Francisco Employees' Retirement System (SFERS) experienced a data breach in February 2020, reported by the California Office of the Attorney General in June 2020. An unauthorized external party gained access to a server containing sensitive information of approximately 74,000 SFERS members. The compromised data included personal details such as names, addresses, dates of birth, and for registered users, usernames and security questions. The breach exposed internal employee data, potentially enabling identity theft, phishing attacks, or further unauthorized access. While no financial or highly sensitive records (e.g., Social Security numbers) were explicitly mentioned as stolen, the exposure of security questions poses a significant risk for account takeovers. The incident highlights vulnerabilities in SFERS’ cybersecurity defenses, particularly in safeguarding employee retirement system data. The breach did not involve ransomware or a direct financial attack but resulted in the unauthorized access and potential misuse of employee-related personal information. The long gap between the breach (February) and public disclosure (June) may have further exacerbated risks for affected individuals.
Source: https://oag.ca.gov/ecrime/databreach/reports/sb24-190732
TPRM report: https://www.rankiteo.com/company/sfers
"id": "sfe200082025",
"linkid": "sfers",
"type": "Breach",
"date": "2/2020",
"severity": "60",
"impact": "3",
"explanation": "Attack with significant impact with internal employee data leaks"
{'affected_entities': [{'customers_affected': '74,000',
                        'industry': 'Public Sector / Pension Fund',
                        'location': 'San Francisco, California, USA',
                        'name': "San Francisco Employees' Retirement System (SFERS)",
                        'type': 'Government Agency'}],
 'data_breach': {'data_exfiltration': 'likely (accessed by outside party)',
                 'number_of_records_exposed': '74,000',
                 'personally_identifiable_information': True,
                 'sensitivity_of_data': 'high',
                 'type_of_data_compromised': ['Personally Identifiable Information (PII)',
                                              'Authentication Credentials (usernames, security questions)']},
 'date_detected': '2020-02-24',
 'date_publicly_disclosed': '2020-06-09',
 'description': 'The California Office of the Attorney General reported a data '
                "breach involving the San Francisco Employees' Retirement "
                'System (SFERS) on June 9, 2020. The breach occurred on '
                'February 24, 2020, when an outside party accessed a server '
                'containing data from approximately 74,000 SFERS member '
                'accounts. Affected member information may have included '
                'names, addresses, dates of birth, and, for registered users, '
                'additional details like usernames and security questions.',
 'impact': {'data_compromised': ['names',
                                 'addresses',
                                 'dates of birth',
                                 'usernames (for registered users)',
                                 'security questions (for registered users)'],
            'identity_theft_risk': 'high (due to PII exposure)',
            'systems_affected': ['a server containing SFERS member account data']},
 'references': [{'date_accessed': '2020-06-09',
                 'source': 'California Office of the Attorney General'}],
 'regulatory_compliance': {'regulatory_notifications': 'Reported to California Office of the Attorney General'},
 'response': {'communication_strategy': 'Public disclosure via California Office of the Attorney General'},
 'title': "San Francisco Employees' Retirement System (SFERS) Data Breach",
 'type': 'Data Breach'}