San Francisco Employees’ Retirement System (SFERS) admitted it became the victim of a data breach that exposed the information of around 74,000 beneficiaries, including names, addresses, birth dates, banking and IRS data, and other details. However, SFERS clarified that no social security numbers or bank account details were exposed in the breach. For members who had registered on the site, their login name and their security questions and answers may also have been compromised.
According to the official statement, on February 24, 2020, an unauthorized third party accessed a database that an SFERS vendor, 10up Inc., was using in a test environment. 10up discovered the intrusion on March 21 and notified SFERS of the security incident on March 26, 2020.
“On March 21, 2020, 10up Inc. learned that this server had been accessed by an outside party on February 24, 2020. The vendor promptly shut down the server and began an investigation. The vendor found no evidence that the information of SFERS members was removed from its server, but at this time, it cannot confirm that the information was not viewed or copied by an unauthorized party. On March 26, 2020, the vendor notified SFERS of the server breach and both SFERS and the vendor continue to investigate the potential exposure of data,” the breach notification said.
SFERS stated that it will offer all affected members a complimentary one-year membership to Experian’s credit monitoring service. The organization also urged members to monitor their credit history and bank accounts for any unauthorized transactions, as the exposed information can be used in phishing attacks.
Risks with Exposed Data
Cybercriminals make use of stolen data in credential stuffing attacks. In a credential stuffing attack, an attacker tries to log into many user accounts using known email and password combinations. Attackers take advantage of the fact that most people reuse email addresses and passwords across multiple accounts. Once attackers gain access to one account, they try to break into the victim's other accounts by trying variations of the same password. The compromised accounts are used for a variety of purposes, including spam, phishing, fraud, identity theft, and resale on darknet forums.
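As an added, defender-side illustration that is not from the article or from SFERS or 10up: a small heuristic over constructed authentication log lines that flags the pattern described above (one source trying many distinct accounts with mostly failed logins) while leaving ordinary single-account password retries alone. The log format, IP addresses and usernames are constructed for the example.

```python
from collections import defaultdict

# Constructed sample of authentication events (not real SFERS or 10up logs).
# Line format: "<timestamp> <source_ip> <username> <OK|FAIL>"
SAMPLE_LOG = """\
2020-02-24T10:00:01Z 203.0.113.7 alice FAIL
2020-02-24T10:00:02Z 203.0.113.7 bob FAIL
2020-02-24T10:00:02Z 203.0.113.7 carol FAIL
2020-02-24T10:00:03Z 203.0.113.7 dave OK
2020-02-24T10:00:03Z 203.0.113.7 erin FAIL
2020-02-24T10:00:04Z 203.0.113.7 frank FAIL
2020-02-24T10:01:10Z 198.51.100.5 alice FAIL
2020-02-24T10:01:15Z 198.51.100.5 alice FAIL
2020-02-24T10:01:20Z 198.51.100.5 alice OK
"""


def parse_events(log_text):
    """Yield (source_ip, username, success) tuples; skip malformed lines."""
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        _ts, ip, user, result = parts
        yield ip, user, result == "OK"


def find_stuffing_sources(log_text, min_accounts=5, min_fail_ratio=0.6):
    """Flag source IPs that target many distinct accounts with a high failure rate.

    Credential stuffing spreads attempts across many usernames (one or two
    guesses each), so the tell-tale signal is account breadth per source plus
    a high share of failures. A single user retrying their own password hits
    one account only and is not flagged.
    """
    users_per_ip = defaultdict(set)
    attempts = defaultdict(int)
    failures = defaultdict(int)
    for ip, user, ok in parse_events(log_text):
        users_per_ip[ip].add(user)
        attempts[ip] += 1
        if not ok:
            failures[ip] += 1
    flagged = {}
    for ip, users in users_per_ip.items():
        ratio = failures[ip] / attempts[ip]
        if len(users) >= min_accounts and ratio >= min_fail_ratio:
            # Successes from a flagged source are the accounts to force-reset.
            flagged[ip] = {"accounts": len(users), "fail_ratio": round(ratio, 2),
                           "successes": attempts[ip] - failures[ip]}
    return flagged
```

On the sample, 203.0.113.7 is flagged (six accounts, five failures, one success worth resetting), while 198.51.100.5, which only retried one account, is not.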