Dearld Snider, executive director of the Public School Retirement System, told a legislative committee that the Sept. 11 breach of an email has officials looking at how to stop future events and whether any additional cybersecurity changes are warranted.
The pension program, which serves more than 128,000 active members and 100,000 retirees and their beneficiaries, identified the affected account and shut down the possible incursion within 53 minutes, he said.
"We were notified by our outside vendor ... that there was a suspicious login of one email account," Snider told members of the Joint Committee on Public Employee Retirement.
Nearly two months later, the pension system announced it was offering free credit monitoring services for two years to pension plan members.
The notification of the possible pension breach was issued on the same day Gov. Mike Parson lashed out at the Post-Dispatch after the newspaper reported a separate, unrelated data flaw at the state's Department of Elementary and Secondary Education.
In that incident, the newspaper found that Social Security numbers of school teachers, administrators and counselors across Missouri were vulnerable to public exposure due to programming shortcomings on DESE's website.
The vulnerability was discovered in a web application that allowed the public to search teacher certifications and credentials. The department removed the affected pages from its website after being notified of the problem by the Post-Dispatch.
Rather than thank the newspaper for discovering the vulnerability and giving the state the opportunity to fix the flaw, Parson called the newspaper's work "hacking" and called for a criminal investigation and a possible civil lawsuit.
Last week, state education officials announced that more than 600,000 current and former teachers affected by the DESE vulnerability could also sign up for free credit monitoring services at an estimated cost of $800,000.
In announcing the service, Commissioner of Education Margie Vandeven said she was sorry for the potential breach.
"Educators have enough on their plates right now and I want to apologize to them for this incident and the additional inconvenience it may cause them," Vandeven said. "It is unacceptable. The security of the data we collect is of the utmost importance to our agency."
In addition to credit monitoring, PSRS/PEERS also has a dedicated telephone number with individuals trained to address questions about the incident. The phone number is 888-391-6964.
©2021 the St. Louis Post-Dispatch. Distributed by Tribune Content Agency, LLC.
