The Employees Retirement System of Texas (ERS) recently fell victim to a cyber attack resulting in a data breach and the exposure of 1.25 million retirement plan records. A flaw in its online portal was exposed and, as a result, someone who found a way to log into the system could then view the information of other members or beneficiaries.
First and last names, Social Security numbers, and plan identification numbers were able to be found by other members due to a coding error in the modified search area of the site. ERS was lucky, however, that they detected and maintained the breach before any of the information could be leaked and used for identity theft or any other illicit use.
How did ERS detect and manage the exposure of the records? With the help of third party experts. They could not do it themselves and most plan sponsors ca not either.
You can manage and contain data breaches with cyber liability insurance!
Colonial’s cyber insurance provides a services-based solution to help plan sponsors manage data breaches successfully. These services include a dedicated team of cyber breach professionals who assist plan sponsors at every stage of incident investigation and breach response. These professionals coordinate the carefully vetted forensics experts and specialized lawyers to help plan sponsors establish what’s been compromised; assess plan sponsor responsibility; and, notify those individuals affected. In addition, these services will also coordinate credit or identity monitoring, and PR advice to help the plan sponsor safeguard its reputation. Of course, Colonial’s cyber insurance also indemnifies and defends plan sponsors from covered lawsuits or regulatory actions, the risk of which may be reduced by a well-coordinated breach response, but can never be completely eliminated.
Ongoing governance and evaluation of recordkeepers can help protect data, but the only way to fully protect against a potential cyber attack’s data breach is to purchase cyber liability insurance from Colonial Surety Company.