The SFERS(San Francisco Employees Retirement System) has been affected by a data breach impacting over 70,000 members.
SFERS disclosed the incident involved one of its vendor, 10up Inc which provides members with online account information. The vendor said that an unknown party accessed one of their server which contained, information database of 74,000 SFERS members.
The vendor, 10up Inc. claims it shut down the server immediately ad launched an investigation to identity the intruders. Vendor cannot confirm whether the intruders did not copy or copy the data from their server.
The database breached contains these data of SFERS members:
- Full name
- Home Address
- Date of Birth
- Full name, data of birth and relationship to the designated beneficiary.
- Usernames and security questions alongwith answers also breached.
For retired members, their exposed data included:
- Full name.
- Date of birth.
- relationship to the designated beneficiary.
- IRS form 1099R information.
- Bank ABA (routing) number.
- Usernames and security questions alongwith answers also breached.
SFERS has released a document consisting a full list of information regarding the incident you must read:
https://mysfers.org/wp-content/uploads/2020/06/10up-Breach-SFERS-Notice-Website-FINAL.pdf