TCRS Data Breach: What & How It Happened?
Twingate Team
•
Jun 28, 2024
In June 2023, the Tennessee Consolidated Retirement System (TCRS) experienced a data breach involving one of its vendors. The incident led to unauthorized access to personal information during a data transfer process.
How many accounts were compromised?
The breach impacted data related to 171,836 individuals.
What data was leaked?
The data exposed in the breach included names, social security numbers, dates of birth, and mailing addresses of retired members and their beneficiaries.
How was TCRS hacked?
The specific methods used by hackers to breach the personal information of TCRS retirees and their beneficiaries remain unclear. The unauthorized access occurred during a data transfer between Pension Benefits Information (PBI) and MOVEit Transfer, a file transfer software.
TCRS's solution
In response to the data breach, TCRS took several measures to secure its platform and prevent future incidents. The retirement system verified that the breach was contained to the information provided to PBI via MOVEit Transfer and had no impact on internal systems. TCRS closely monitored their online systems for suspicious activity and notified credit agencies that members' information was accessed. They also collaborated with State and Federal law enforcement to ensure all efforts were made to protect members' information. Additionally, PBI offered retired members access to credit monitoring and identity restoration services provided by Kroll at no cost.
How do I know if I was affected?
TCRS notified individuals believed to be affected by the breach. If you are a TCRS retiree or beneficiary and haven't received a notification, you may visit Have I Been Pwned to check your credentials.
What should affected users do?
In general, affected users should:
Change Your Passwords: Immediately update your passwords for any accounts that may have been compromised. Make sure the new passwords are strong and unique, not previously used on any other platform.
Reset Passwords for Other Accounts: If you've used the same or similar passwords for other online accounts, reset those as well. This is crucial as attackers often try using stolen passwords on multiple sites.
Enable Two-Factor Authentication (2FA): Activate 2FA on any affected accounts. Consider enabling this additional security feature on all other important online accounts to significantly reduce the risk of unauthorized access.
Monitor Your Accounts: Keep an eye on your accounts for any suspicious activity and report it immediately to the appropriate authorities or support teams.
For more specific help and instructions related to TCRS's data breach, please contact TCRS Support directly.
Where can I go to learn more?
For more information on the TCRS data breach, check out the following news articles:
Rapidly implement a modern Zero Trust network that is more secure and maintainable than VPNs.
TCRS Data Breach: What & How It Happened?
Twingate Team
•
Jun 28, 2024
In June 2023, the Tennessee Consolidated Retirement System (TCRS) experienced a data breach involving one of its vendors. The incident led to unauthorized access to personal information during a data transfer process.
How many accounts were compromised?
The breach impacted data related to 171,836 individuals.
What data was leaked?
The data exposed in the breach included names, social security numbers, dates of birth, and mailing addresses of retired members and their beneficiaries.
How was TCRS hacked?
The specific methods used by hackers to breach the personal information of TCRS retirees and their beneficiaries remain unclear. The unauthorized access occurred during a data transfer between Pension Benefits Information (PBI) and MOVEit Transfer, a file transfer software.
TCRS's solution
In response to the data breach, TCRS took several measures to secure its platform and prevent future incidents. The retirement system verified that the breach was contained to the information provided to PBI via MOVEit Transfer and had no impact on internal systems. TCRS closely monitored their online systems for suspicious activity and notified credit agencies that members' information was accessed. They also collaborated with State and Federal law enforcement to ensure all efforts were made to protect members' information. Additionally, PBI offered retired members access to credit monitoring and identity restoration services provided by Kroll at no cost.
How do I know if I was affected?
TCRS notified individuals believed to be affected by the breach. If you are a TCRS retiree or beneficiary and haven't received a notification, you may visit Have I Been Pwned to check your credentials.
What should affected users do?
In general, affected users should:
Change Your Passwords: Immediately update your passwords for any accounts that may have been compromised. Make sure the new passwords are strong and unique, not previously used on any other platform.
Reset Passwords for Other Accounts: If you've used the same or similar passwords for other online accounts, reset those as well. This is crucial as attackers often try using stolen passwords on multiple sites.
Enable Two-Factor Authentication (2FA): Activate 2FA on any affected accounts. Consider enabling this additional security feature on all other important online accounts to significantly reduce the risk of unauthorized access.
Monitor Your Accounts: Keep an eye on your accounts for any suspicious activity and report it immediately to the appropriate authorities or support teams.
For more specific help and instructions related to TCRS's data breach, please contact TCRS Support directly.
Where can I go to learn more?
For more information on the TCRS data breach, check out the following news articles:
Rapidly implement a modern Zero Trust network that is more secure and maintainable than VPNs.
TCRS Data Breach: What & How It Happened?
Twingate Team
•
Jun 28, 2024
In June 2023, the Tennessee Consolidated Retirement System (TCRS) experienced a data breach involving one of its vendors. The incident led to unauthorized access to personal information during a data transfer process.
How many accounts were compromised?
The breach impacted data related to 171,836 individuals.
What data was leaked?
The data exposed in the breach included names, social security numbers, dates of birth, and mailing addresses of retired members and their beneficiaries.
How was TCRS hacked?
The specific methods used by hackers to breach the personal information of TCRS retirees and their beneficiaries remain unclear. The unauthorized access occurred during a data transfer between Pension Benefits Information (PBI) and MOVEit Transfer, a file transfer software.
TCRS's solution
In response to the data breach, TCRS took several measures to secure its platform and prevent future incidents. The retirement system verified that the breach was contained to the information provided to PBI via MOVEit Transfer and had no impact on internal systems. TCRS closely monitored their online systems for suspicious activity and notified credit agencies that members' information was accessed. They also collaborated with State and Federal law enforcement to ensure all efforts were made to protect members' information. Additionally, PBI offered retired members access to credit monitoring and identity restoration services provided by Kroll at no cost.
How do I know if I was affected?
TCRS notified individuals believed to be affected by the breach. If you are a TCRS retiree or beneficiary and haven't received a notification, you may visit Have I Been Pwned to check your credentials.
What should affected users do?
In general, affected users should:
Change Your Passwords: Immediately update your passwords for any accounts that may have been compromised. Make sure the new passwords are strong and unique, not previously used on any other platform.
Reset Passwords for Other Accounts: If you've used the same or similar passwords for other online accounts, reset those as well. This is crucial as attackers often try using stolen passwords on multiple sites.
Enable Two-Factor Authentication (2FA): Activate 2FA on any affected accounts. Consider enabling this additional security feature on all other important online accounts to significantly reduce the risk of unauthorized access.
Monitor Your Accounts: Keep an eye on your accounts for any suspicious activity and report it immediately to the appropriate authorities or support teams.
For more specific help and instructions related to TCRS's data breach, please contact TCRS Support directly.
Where can I go to learn more?
For more information on the TCRS data breach, check out the following news articles:
Solutions
Solutions
The VPN replacement your workforce will love.
Solutions