Another CalPERS retiree sues PBI over data breach that exposed social security numbers

A CalPERS retiree is bringing another class-action lawsuit in federal court for damages suffered as a result of a data breach that exposed retirees’ full names, social security numbers, birth dates and other sensitive personal information.

Attorneys for CalPERS member Terry Chang filed the lawsuit on July 7 in Los Angeles federal court. Similar to a lawsuit filed in late June on behalf of two other pensioners, Chang’s lawsuit seeks class-action status on behalf of all California residents whose data was stolen from PBI Research Services + Berwyn Group in May.

The suit alleges that PBI and the Berwyn Group were negligent in protecting members’ personal information, violated the California Customer Records Act and violated the retirees’ right to privacy under the California Constitution.

”PBI’s false promises compromised the data of hundreds of thousands of people, many of whom live on a restricted income, and if their credit or financial accounts are accessed, it would be catastrophic,” said attorney Anthony Jenkins in a statement Monday.

Both CalPERS and CalSTRS, the nation’s two largest public pension funds, contracted with the companies to identify retirees or beneficiaries who had died, helping them to prevent overpayments or other errors. The companies used a data transfer software called MoveIt, made by Progress Software, to securely exchange information with its clients.

A ransomware group known as Clop or C10p hacked the MoveIt software in late May, foiling encryption protocols and gaining access to the sensitive information being transferred.

Close to 550 organizations and more than 37 million people across the country and around the world have been targeted by the ransomware attack on MoveIt, according to the latest update from anti-malware and cybersecurity company Emisoft.