The San Francisco Employees’ Retirement System (SFERS) reported that an unauthorized party accessed data belonging to them after a database that was set up by a vendor in a test environment was breached. This event occurred on February 24th, 2020 but the vendor, 10up Inc., did not recognize it until March 21st, 2020 and they let SFERS know on the 26th of March. According to SFERS, no Social Security Numbers (SSNs) or bank account information (other than some bank routing numbers) were included. However, a large amount of data was accessed, and it varied based on whether the member was actually retired or if they had simply registered on the website. Information that pertained to all included member’s name, address, date of birth, and beneficiary information. Retired members specifically had their IRS Form 1099R information and the direct deposit bank account routing numbers exposed. Registered members had login names and security questions with answers accessed. Although the test environment used an older database, none of the information included in it was more than two years old, with the records dating back to August 29th, 2018.
12 Essentials for a Successful SOC Partnership
Binary Defense
January 12, 2023
As cyber threats continue to impact businesses of all sizes, the need for round-the-clock security
