VCERA contracts with PBI Research Services (PBI) for death and beneficiary audit services. In late May 2023, a third-party file transfer software used by PBI, MOVEit, identified a vulnerability in its software that was actively exploited by attackers. The exploit provided attackers the ability to gain access to the MOVEit Administrative Portal only. PBI stated that its core systems and software were not accessed.

PBI confirmed that clients who were potentially impacted were contacted directly. VCERA did not receive direct communication from PBI. To verify that VCERA was not affected by the breach, staff proactively contacted PBI and was told there was no evidence that VCERA records were impacted. Therefore, VCERA believes that its vendor’s data breach did not impact its information systems, Member Portal, or VCERA benefits to retirees and beneficiaries.

This update was provided to the Board of Retirement on July 10, 2023.