Quincy Employees’ Pension Fund Hacked

A major cyber hack targeting the City of Quincy Employees’ Retirement Fund resulted in the theft of more than $3.5 million, 5 Investigates has learned. and across the country. In the place known as the “City of Presidents”, a monumental and costly mistake has occurred, a cyber hack in February 2021 targeting the Quincy Retirement Board that went undetected for months is finally exposed a year later. The stolen $3.5 million is still missing from the pension system, which represents more than 3,000 people, from active city employees to retirees and survivors. According to a statement from the attorney representing the Quincy Retirement Board, “…an unauthorized user compromised” the city’s email system…posing as a Board staff member” and “persuaded the ‘one of the Commission’s investment managers to transfer $3.5 million to a third-party bank with which the Board of Trustees did not have an account.’ The Public Employees Retirement Administration Commission, or PERAC, is the agency that oversees the state’s public employee pension funds.It issued an investment fraud alert to pension boards in October over the Quincy hack and last month warned them of “You have both a lot of money and a lot of personal data, which makes them potentially very tempting targets,” he said. said Tim Hauser, a senior official with the Federal Employee Benefits Security Administration, or EBSA, which regulates all private pension funds nationwide. Hauser said the country’s 4 million private pension plans cover about 158 ​​million workers and total about $12 trillion in assets. Last year, for the first time, EBSA started publishing cybersecurity guidelines for private pension funds. “to protect American workers’ retirement benefits.” “There are a lot of vulnerabilities out there, and there are a lot of people who don’t keep their systems as secure as possible,” Hauser said.5 Investigators asked Hauser what happened to the money robbed from pension funds.”In most cases, our experience has been that plan participants have been cured,” he said. “The concern, however, is that at some point it will be a big enough breach or enough money will be stolen, that the money isn’t there.” The City of Quincy said there was no threat from any member of the retirement system nor A spokesperson said the pension system has hundreds of millions of dollars in assets, and annual payments are a small fraction of that. sources told 5 Investigates that PERAC was informed in December that the city had not disclosed the $3.5 million cyber-hack in its prospectus for the sale of $475 million in pension bonds. PERAC immediately contacted Quincy and within 24 hours, on December 14, city officials had issued an addendum to the prospectus disclosing the theft.

A major cyber hack targeting the City of Quincy Employees’ Retirement Fund resulted in the theft of more than $3.5 million, 5 Investigates has learned

This cyber attack comes as regulators say the threat of cyber hacking on retirement funds is greater than ever here in Massachusetts and across the country.

In the place known as the “City of Presidents”, a monumental and costly mistake has occurred, a cyber hack in February 2021 targeting the Quincy Retirement Board that went undetected for months is finally exposed one year later.

The stolen $3.5 million is still missing from the pension system, which represents more than 3,000 people, from active city employees to retirees and survivors.

According to a statement from the attorney representing the Quincy Retirement Board, “…an unauthorized user compromised ‘the city’s email system…posing as a member of staff of the Board’ and ‘persuaded the one of the Board’s investment managers to transfer $3.5 million to a third-party bank with which the Board did not have an account.”

The Public Employees Retirement Administration Commission, or PERAC, is the agency that oversees state public employee pension funds. He issued an investment fraud alert to pension boards in October over the Quincy hack and last month tipped them off again about an attempted cyberattack on another pension board.

A PERAC official said the commission would withhold comment on the theft at Quincy until its investigation and the criminal investigation are complete.

Cyber ​​crooks walk away with $3.5 million

“You have both a lot of money and a lot of personal data, which makes them potentially very tempting targets,” said Tim Hauser, a senior official with the Federal Employee Benefits Security Administration, or EBSA, which regulates every private pension. funds in the country.

Hauser said the country’s 4 million private pension plans cover about 158 ​​million workers and total about $12 trillion in assets.

Last year, for the first time, EBSA began issuing cybersecurity guidance for private pension funds “to protect American workers’ retirement benefits.”

“There are a lot of vulnerabilities out there, and a lot of people aren’t keeping their systems as secure as they could be,” Hauser said.

5 Investigators asked Hauser what happened to the money stolen from the pension funds. “In most cases, our experience has been that diet participants have been cured,” he said. “The problem, however, is that at some point there will be a big enough breach or enough money will be stolen, that the money won’t be there.”

The city of Quincy said there is no threat that members of the pension system will not receive a pension payment. A spokesperson said the pension system has hundreds of millions of dollars in assets and annual payments are only a small fraction of that.

Cyber ​​crooks walk away with $3.5 million

Questions have also been raised about the City of Quincy’s initial failure to disclose the cyber hack to potential investors and the public in an official legal statement regarding the city’s pension funds.

Sources told 5 Investigates that PERAC was informed in December that the city had not disclosed the $3.5 million cyber hack in its prospectus for the sale of $475 million in pension bonds. PERAC immediately contacted Quincy and within 24 hours, on December 14, city officials had issued an addendum to the prospectus disclosing the theft.

Dolores W. Simon