Cyber Threat Actor: [No Name Available]
| Actor Type | Location | Known Incidents |
Criminal
|
United States of America
|
1 incident |
|---|
Profile
Actor overview: no known aliases, locationUnited States of America. The actor is known for a single attributed incident: the February 24 2020 breach of the San Francisco Employees Retirement System (SFERS). The breach involved unauthorized access to a vendor-hosted test database containing member information up to mid-2018. Exposed data included names, addresses, dates of birth, beneficiary details, and for retirees IRS Form 1099‑R data with routing numbers; registered users also had login credentials and security answers compromised. No Social Security numbers or full bank account numbers were taken. The organization responded by offering credit monitoring to affected individuals.
The breach affected a vendor-hosted test database used by the San Francisco Employees Retirement System, a public pension administrator. Exposed personal identifiers, benefit information, and login credentials were taken from that environment. The leaked information posed risks for phishing and identity theft, according to the public reporting. No malware families, specific tools, or exploit kits were referenced in the available reporting. Consequently, the actor’s technical toolkit remains unspecified based on public sources. No public attribution links the actor to a state sponsor, criminal consortium, or any other group. The activity stands as an isolated, publicly reported event. Therefore, the only concrete example of the actor’s operation is the SFERS breach. This incident serves as the basis for any current understanding of their behavior.
