PERS is aware of a member data incident, which occurred over the weekend of February 16, 2020, through PERS Online Member Services (OMS). The agency identified the cause of the incident and fixed OMS on Thursday, February 20.
As soon as PERS became aware of the incident, the agency immediately shut down access to OMS to prevent further visibility of member information.
It is important to understand that the OMS data incident was not a data breach. The PERS Information Security & Risk Team has confirmed that “protected personal information” was not exposed in OMS.
Over the weekend, PERS made upgrades to the pension system. Although extensive testing occurred before the system upgrades were performed, an unanticipated error occurred.
During this incident, some members (estimated to be fewer than 1,000) who logged into OMS may have been temporarily able to see another member’s information. After researching the issue, PERS has confirmed that only 256 member accounts were inadvertently viewed by another member. PERS will be following up with the impacted members to provide information on next steps.
Members reported they may have seen another member’s:
- Email Address
- Mailing Address
- Pension Benefit Amount (if retiree)
- Employment Information
The security of member data is of significant importance to the agency and we strive to safeguard member information.
While we recognize the sensitivity of information members saw, it is not considered “protected personal information,” which would include Social Security numbers, bank accounts, driver’s license or passport numbers, etc. None of those data elements are viewable in OMS; therefore this incident does not rise to the level of a data breach.
We appreciate the diligence of PERS members who quickly attempted to contact the agency over the long weekend, when they noticed something was wrong with their own OMS account.
Original posted Wednesday, February 19. Updated Friday, February 21.