New Threat Research: Uncovering Adversarial LDAP Tradecraft

Read Threat Research


SFERS Suffers Breach Through Vendor

The San Francisco Employees’ Retirement System (SFERS) reported that an unauthorized party accessed data belonging to them after a database that was set up by a vendor in a test environment was breached. This event occurred on February 24th, 2020 but the vendor, 10up Inc., did not recognize it until March 21st, 2020 and they let SFERS know on the 26th of March. According to SFERS, no Social Security Numbers (SSNs) or bank account information (other than some bank routing numbers) were included. However, a large amount of data was accessed, and it varied based on whether the member was actually retired or if they had simply registered on the website. Information that pertained to all included member’s name, address, date of birth, and beneficiary information. Retired members specifically had their IRS Form 1099R information and the direct deposit bank account routing numbers exposed. Registered members had login names and security questions with answers accessed. Although the test environment used an older database, none of the information included in it was more than two years old, with the records dating back to August 29th, 2018.

Analyst Notes

SFERS has decided to offer all affected parties a free year of Experian credit and identity monitoring services. That should be taken advantage of immediately by anyone who thinks it would benefit them. Security questions and answers could potentially be abused by the attacker to reset passwords for any account that the same security questions were used for. Exposed information could be used in targeted phishing attacks. Any email claiming to be from SFERS should be double checked by contacting SFERS directly by phone or reaching out to a verified contact through email.