Cyber Incident Victim: Oklahoma Law Enforcement Retirement System

On August 26, 2019, cybercriminals stole $4.2 million from the Oklahoma Law Enforcement Retirement System (OLERS) pension fund, which manages over $1 billion for approximately 1,500 retired state law enforcement personnel including highway troopers, park rangers, and state agents. The attackers compromised the email account of an OLERS investment manager to execute the theft. The Oklahoma Police Pension and Retirement System (OPPRS), a separate entity, was unaffected. OLERS publicly addressed the incident ten days later, confirming no pension benefits were disrupted and all payments would continue without delay. The FBI initiated an investigation, and OLERS expressed confidence in recovering the stolen funds. By September 5, 2019, executive director Duane Michael reported $477,000 had been successfully retrieved through recovery efforts.

OLERS leadership implemented multiple response measures following the breach. The agency confirmed its insurance would cover any unrecovered losses, eliminating financial risk to retirees. Employees received cybersecurity training to prevent future incidents, though the organization retained the compromised investment manager in their role, acknowledging cybercrime as an unavoidable modern risk. Roy Rogers, OLERS president and a retired state trooper, characterized the attack as part of a widespread trend, citing daily targeting of individuals, businesses, and government entities. Historical context was noted, including a 2016 theft of $100,000 from a Pennsylvania police pension fund and a 2017 Iowa incident involving identity theft against retired public employees. OLERS maintained operational continuity throughout the response, with no interruption to beneficiary payments or pension management services.