In June 2023, the California State Teacher’s Retirement System (CalSTRS) and the California Public Employees’ Retirement System (CalPERS), announced that their systems were breached in a large-scale cyber-attack affecting hundreds of thousands of current retirees.
In the week of June 26, they mailed out letters to those affected. If you received a letter from CalSTRS and/or CalPERS, your information may have been accessed. Unfortunately we live in an era where these nefarious acts can have detrimental effects on our lives, including identity theft and financial harm.
Your union urges you to read through the letter thoroughly. There are resources offered by both agencies, including free credit monitoring.
In addition, the letter offers you should also consider taking other preventative steps to protect your identity and finances.
Preventative Measures
Place a “Fraud Alert” on your credit reports, and review the reports carefully. The alert tells creditors to follow certain procedures before they open new accounts in your name or make changes to your existing accounts in order to know it’s really you. The three nationwide consumer reporting companies have online forms as well as toll-free numbers for placing fraud alert. A fraud alert stays active for one year.
• Equifax: 1-800-525-6285
• Experian: 1-888-EXPERIAN (397-3742)
• TransUnion: 1-800-680-7289
Requesting an alert from one company is sufficient. That company will notify the other two. Placing a fraud alert entitles you to free copies of your credit reports. When you review them, look for inquiries from companies you haven’t contacted, accounts you didn’t open, and debts on your accounts that you can’t explain.
If you are a victim of identity theft, you think you may have been compromised, or you simply want to prevent theft, you can now place a freeze on your credit for free.
A federal law that went into effect on September 21, 2018, allows consumers to freeze and unfreeze their accounts, their children’s accounts, or accounts they have guardianship over, for free.
Credit agencies must place freezes that are requested online or over the phone within one business day, and unfreeze within one hour.
Fraudulent Accounts in Your Name
If new accounts are fraudulently created in your name and/or your current accounts are tampered with, consider:
Close accounts. Close any accounts that have been tampered with or established fraudulently.
• Call the security or fraud departments of each company where an account was opened or changed without your okay. Follow up in writing, with copies of supporting documents.
• Use the ID Theft Affidavit at www.ftc.gov/idtheft to support your written statement.
• Ask for verification that the disputed account has been closed and the fraudulent debts discharged.
• Keep copies of documents and records of your conversations about the theft.
• File a police report. File a report with law enforcement officials to help you with creditors who may want proof of the crime.
• Report the theft to the Federal Trade Commission. Your report helps law enforcement officials across the country in their investigations.
Learn More
To learn more about ID theft and how to deter, detect and defend against it, visit www.ftc.gov/idtheft. Or request copies of ID theft resources by writing to:
Consumer Response Center
Federal Trade Commission
600 Pennsylvania Ave., NW, H-130
Washington, DC 20580
By phone: 1-877-ID-THEFT (438-4338) or TTY, 1-866-653-4261
By mail: Identity Theft Clearinghouse, Federal Trade Commission, Washington, DC 20580
What if you don’t have the June letter? How can i retrieve my number to access an Experian account? I already have the free one that you can get publicly.
Could we please have regular updates on this breach? Is the FBI involved? Just two of the questions I have
I year’s credit protection is totally inadequate. I would like an answer to this Question: Why are the CalPers retirees getting two years free protection and we at CalSTRS are only getting one?
Is protecting retired educators less important than other state employees?
CTA should pursue this discrepancy and demand that educators receive the same benefit as other state retirees/beneficiaries. I have protected by social security number my entire working life and now it’s available to who knows how many criminals.
Who is paying for the credit protection? It should be the company who didn’t protect our information.
I went to the security company you provided for free security, found the only location to enter the access code you gave me, and it was rejected several times as INVALID; now what?
I experienced the same today, so now what should I do?
Providing one year of credit protection is like an elephant eating a fly for dinner , its hardly enough considering clients could have a very long life span.
Shame on CTA and all parties for using defective software and transmitting all the sensitive information instead of other measures that would separate name from social security numbers.
Thank you for this great advice.
I have just retired this school year and have not received notification that my data was at risk or had been stolen. However my father who is a beneficiary to his deceased wife’s CalPers/ STRS pension has just been notified that his data was stolen. CalSTRS has advised him to file an online form with Experian. This has caused him major stress because he never gives out his social security number to anyone online and now in order for him to be protected from fraud, he is required to give that same information online. I’m really upset by this. He has recently suffered the loss of his wife and had a stroke. This breach should have been handled on your end immediately. Now your organization is offering a year of data security to these people who were affected. That does not seem to be sufficient. Millions of retirees’ data is now at risk. I am concerned that I may get a notice in the near future also. This could have been avoided if better precautions were taken