A phishing scheme is costing the public pension for city employees of Quincy, Massachusetts, $3.5 million.
One year ago, in February 2021, an investment manager at the pension received an email from a former employee’s email account with instructions for a wire transfer. The investment manager made the transfer, not realizing that the email account had been hacked by a cybercriminal. The story of the hack was finally released to the public last week in Quincy newspaper The Patriot Ledger.
It took months for the Quincy Retirement Board to find out about the attack, and it didn’t report the issue to the state’s Public Employee Retirement Administration Commission until October 2021. The retirement board has now been placed under investigation by the Commission, and the board may not make any new investments until the investigation is over. This process will likely take months.
Members of the pension fund can rest assured that the attack is not expected to impact their benefits, since it is a relatively small percentage of the fund’s total assets. The pension had a market value of more than $370 million in 2019, the latest available data.
There have been several notable cyberattacks on pensions this past year, including on the Missouri teacher’s pension, which was also the victim of a hacked email address.
Experts like Alan Brill, senior managing director of cyber risk at Kroll, have said that the best way a pension can protect itself is by pre-emptively instituting protocols and preparing for a hack. He also recommended that pensions implement some sort of 24/7 monitoring system.
Related Stories:
How Can Pensions Best Protect Against Cybersecurity Threats?
Missouri Teachers’ Pension Hit by Cyberattack
SEC Settles With Eight Firms Over Inadequate Cybersecurity Measures
Tags: Cyber Security, Kroll, Missouri Teachers’ Pension, Public Employee Retirement Administration Commission, Quincy, Quincy Retirement Board