Russian cybercriminals targeted retired Georgia teachers in June hack

95.5 WSB first reported in June that Russian hackers targeted a vulnerability in a file-transfer program called MOVEit at a variety of state and government agencies, including the University System of Georgia.

On Wednesday, The Atlanta Journal Constitution confirmed the attack “included a data breach at a vendor for the retirement system that provides pensions to tens of thousands of retired Georgia teachers and university personnel.”

The AJC’s James Salzer reports the Georgia Teachers Retirement System (TRS) sent out a notification “noting that a TRS vendor the system uses to prevent benefit overpayments — PBI Research Services/Berwyn Group — was part of a widely reported hack connected to MOVEit.”

Salzer adds that in June, federal officials said a “security hole was exploited by a Russian-speaking ransomware gang called Clop, which Politico reported has used openings to steal data from dozens of organizations across the globe and demand ransom payments.”

According to TRS, the breach potentially impacts those who were paid benefits between March 1 and May 26 and beneficiaries.

“Last year, TRS paid out $5.6 billion in benefits to retirees and beneficiaries in the program,” Salzer writes. “About 500,000 Georgia teachers, school and university employees, retirees and their beneficiaries are part of the system.”

During the cyberattack in June, TRS said data for more than 261,000 retirees and beneficiaries may have been impacted.

“According to the notification from Buster Evans, executive director of the TRS, personal information that was affected by the breach may include retirees’ first and last names, dates of birth, addresses and Social Security numbers,” Salzer reports.

Evans did confirm to The AJC that not every individual had all of those “identifiers” compromised. Read more here.

On Tuesday, WSB reported that hundreds of thousands of Medicare beneficiaries received letters warning their most personal and private information had been breached in the same hack.

The letter from a Medicare contractor called Maximus is not junk mail or a scam. It was sent to 612,000 Medicare recipients.

Stockbridge resident Jan Whisnant almost shredded the letter from Maximus until she noticed the Medicare logo inside.

“It just... it freaked me out,” Whisnant said.

The letter details a long list of private data that may have been stolen including Social Security, tax ID and driver’s license numbers, as well as birth dates, addresses, emails and medical records.

“They should have all the information safeguarded,” Whisnant said.

The letter tells beneficiaries identified as victims of the breach, “We have determined that your personal and Medicare information was involved in this incident.”

“It has stressed me out to the point that it gives me anxiety. I have panic attacks,” Whisnant said.

Maximus is providing 24 months of free credit monitoring from Experian to those impacted by the hack.

The Center for Medicare and Medicaid Services says no CMS systems were impacted.

CMS is investigating the attack and has also shut down and installed patches on the targeted MOVEit software.

The Atlanta Journal Constitution contributed to this story.