The Pensions Management Institute (PMI) has reported itself to the Information Commissioner’s Office following a cyber-attack which resulted in hackers gaining access to the names and email addresses of around 1,700 people.
The brute-force attack - which took place earlier this month - resulted in a breach of data which saw the hacker gain access to names and email addresses contained within an email inbox of one of the PMI's members of staff.
Individuals affected by the breach were then sent an email, purportedly from the PMI, which asked them to click on a link which led to an unknown third-party website.
The PMI said its membership database was not affected by the attack.
PMI chief executive Gareth Tancred explained: "Last week one of our staff had their Outlook email account targeted and hacked.
"The perpetrator used a VPN through a Manchester data centre to gain access to the individual's email inbox. Once inside, they were able to see a number of member and other stakeholder email addresses. It is not known at this stage where the attack originated from in the world, but our IT experts are working in close collaboration with Microsoft to investigate."
The PMI said as soon as it became aware of the incident, it initiated its internal protocols in respect of data breach management - engaging the support of the Information Commissioner's Office, IT specialists and its legal advisers.
He explained: "As soon as this sophisticated attack was discovered, the staff member's email account was shut down. Our IT company immediately began a full and thorough investigation and they assure us that our iMIS member database has not been compromised, nor any financial systems, nor have any of our other IT infrastructure assets due to our own VPN being in place. They have also checked all staff laptops and have confirmed them to be clean with all security measures up to date."
The PMI said its investigations indicate that just under 1,700 people had their details compromised and said it was in the process of contacting all those affected.
Tancred added: "I would likely to publicly apologise for any inconvenience that may have been caused by this attack and offer our reassurance that we are taking all appropriate steps to ensure that this never happens again."
The PMI said it would inform individuals should the results of its investigation suggest further impact on the processing of their personal data and urged anyone that received the email to delete it immediately.
Tancred said: "If you have not already done so, please delete the email. As an additional precaution, and in line with our incident response protocol, we request all users of MYPMI update their passwords as soon as possible."
The PMI said anyone with queries about the above should contact it at: [email protected]
USS launches 2020 valuation consultation; Universities and staff face vast hike in annual pension costs
The Universities Superannuation Scheme (USS) has launched a consultation on its 2020 valuation and ‘technical provisions’ laying out options to reduce its expanding deficit.
The total assets under management (AUM) held by the world’s 300 largest pension funds has increased this year to reach $19.5trn (£14.8trn).
Pension scams are not new, but the number of pension scams has soared by 400% since the beginning of the COVID-19 pandemic. Tom Williams asks what is a trustee’s role in protecting members against pension scams?
The government has confirmed the minimum pension age will rise from 55 to 57 by 2028 to coincide with the rise in the state pension age to 67.