Fallout from cyber hack affecting R.I. state workers being assessed

Updated at 6:25 p.m. on July 11.

MORE THAN 14,000 state workers and retirees have had their personal information compromised by a cyber hack targeting a third-party vendor. /PBN FILE PHOTO

PROVIDENCE – More than 14,000 state workers and retirees have had their personal information compromised by a theft perpetrated by a Russia-based hacking group called “Clop,” which is known to exploit flaws in data-sharing software and issue ransom demands for the release of stolen data.

First reported in May, the number of those affected now includes numerous corporations, banks, public school systems and universities, among others.

The hack exploited vulnerabilities in the MOVEit file transfer system used by many organizations, including third-party contractor PBI Research Services, to securely transfer encrypted files. 

The MOVEit software is provided by Burlington, Mass.-based Progress Software.

PBI posted a statement on its website telling customers it became aware of the breach on June 2 and “immediately undertook an extensive internal investigation.” It also notified federal law enforcement and applied a security patch provided by Progress Software.

PBI is a contractor for Teachers Insurance and Annuity Association of America, the financial service provider for the state’s defined contribution retirement plans. 

However, TIAA servers were not directly compromised, according to Chad Peterson, TIAA vice president of media relations.

Peterson said on Tuesday that the hack impacted PBI and that no information was obtained from the TIAA systems. The company was “not a risk from the MOVEit Transfer vulnerability,” he said.

State officials on Tuesday confirmed that the data of beneficiaries enrolled in the state’s 401(a) Defined Contribution Retirement Plan, 457(b) Deferred Compensation Plan, and the FICA Alternative Retirement Income Security Program have been impacted by the software security breach. 

A spokesperson for R.I. General Treasurer James Diossa said Tuesday that current estimates are that 13,000 Employees’ Retirement System of Rhode Island members’ information was impacted, including first and last names, addresses, dates of birth, Social Security numbers, and genders. 

“From the moment our office was notified about the data breach, we have been in constant communication with TIAA and are closely monitoring the situation of the security breach,” said Treasury spokesperson Michelle Moreno-Silva. “Treasurer Diossa is prioritizing protecting all pensioners, and that includes their private information.” 

R.I. Department of Administration spokesperson Laura Hart on Tuesday said the personal information of approximately 1,500 state employees had also been compromised.  

PBI will be contacting impacted individuals directly and DOA will email active state employees who may be impacted by the breach, Hart said. 

“It is important to note that the state does not use the MOVEit transfer software and that no state systems were compromised,” she said. 

The data breach is now thought to have affected more than 17.5 million people. The U.S. State Department said last month it is offering a $10 million reward for information linking the group to a foreign government. 

Third-party cyber hacks have been on the rise in recent years, with 54% of organizations having experienced a cyberattack in the last 12 months, according to the Ponemon Institute, a research center in Michigan dedicated to privacy, data protection and information security policy. 

Moreno-Silva said the treasurer is working closely with DOA to coordinate a response and that Diossa is calling for TIAA and PBI to strengthen their cybersecurity protocols. 

(Update clarifies in the seventh paragraph that the Teachers Insurance and Annuity Association of America systems were not directly compromised by the hack.)

Christopher Allen is a PBN staff writer. You may contact him at Allen@PBN.com. 
