MOVEit Breaches 

The PBI Research Services/Berwyn Group, a third-party vendor, experienced a significant data breach related to the MOVEit Transfer system. The breach impacted a total of approximately 4.92 million individuals. 

Unauthorized actors targeted the MOVEit Transfer system, affecting multiple organizations: 

California Public Employees’ Retirement System (CalPERS):

  • Data of 769,000 retirees was compromised. 
  • CalPERS CEO Marcie Frost expressed strong disapproval, calling the PBI breach “inexcusable.” 

Tennessee Consolidated Retirement System: 

  • 171,836 retirees and/or beneficiaries were impacted. 

Wilton Re: 

  • Nearly 1.5 million individuals were affected. 


  • The largest breach involved personal information for approximately 2.5-2.7 million individuals who are either customers or insurance agents. 

Specific weaknesses are not disclosed, but potential vulnerabilities could include: 

  • Third-Party Risks: Assessing security practices of vendors like PBI Research Services. 
  • Access Controls: Unauthorized access suggests weak controls.  

The breach was likely discovered during routine monitoring or incident response efforts. 

Potentially impacted personal data includes: 

  • Name 
  • Date of birth 
  • Social Security number 
  • Passport number 
  • Driver’s license number 
  • Tax ID number 

In response, the affected organizations likely notified their respective individuals but the breach highlights the importance of robust third-party risk management. 

Third-party breaches can have far-reaching consequences. Vigilance and proactive security measures are essential for safeguarding sensitive data.