Menu
Browse

Cyber Threat Actor: Pension Benefit Information

Aliases: 2 aliases
Actor Type Location Known Incidents
 Icon
Criminal
United States of America
1 incident
Profile

Pension Benefit Information, LLC (PBI), also referred to as Pension Benefit Information, is a United States-based third-party vendor operating within the financial services and employee benefits sector. The organization provides data management services related to pension and retirement information for its clients. In late May 2023, PBI experienced a significant security incident when an external actor exploited a zero-day vulnerability in its MOVEIt Transfer server, a secure file transfer application. This breach of PBI's external system directly compromised the personal data of individuals associated with PBI's client organizations. The incident underscores the systemic risk introduced by third-party vendors with access to sensitive personal information. The data exposed included names and Social Security numbers, representing a high-risk data loss event for the affected individuals. The breach was not isolated to a single client but impacted multiple entities that relied on PBI's services for handling protected information.

The attack on PBI's MOVEIt server had cascading effects across its client base, demonstrating how a vulnerability in a single vendor can proliferate. Among the publicly confirmed impacted organizations were TIAA Kaspick, a financial services entity, and the University of Utah. At the University of Utah, the potentially accessed data pertained to health plan members, donors, and employees, indicating the broad scope of personal information held by such clients. The incident involved the exfiltration of data through the compromised file transfer system, a common vector for data theft in supply chain attacks. In response to the breach, PBI offered affected individuals two years of credit monitoring and identity theft restoration services, a standard mitigation measure for incidents involving Social Security number exposure. No specific malware families, additional tools, or post-exploitation tactics beyond the initial zero-day exploit and data theft are detailed in the public reports concerning this event. Furthermore, the incident has not been publicly attributed to a specific threat actor group, criminal consortium, or state-sponsored nexus. The sole publicly reported operation involving PBI remains this May 2023 MOVEIt-related breach, which affected tens of thousands of individuals across multiple client institutions in the education and financial sectors. The strategic objective appears to be the acquisition of sensitive personal data for potential financial fraud or identity theft, consistent with common cybercriminal motives, though no group has claimed responsibility. The incident highlights the threat posed by software vulnerabilities in widely used enterprise tools and the extensive fallout from third-party data compromises.

Incidents
Attributed incidents available to members
1 incident
Sources
Sources available to members
0 sources