2021 Data Breach Information
Update December 22, 2021
Activation Code for Experian Identityworks: Your letter is now available on the ERSGA secure website.
You must have the Activation Code from the mailed letter to enroll. The Engagement Code in the email you received will not allow you to enroll.
The mailed letter with your unique Activation Code is also available in your ERSGA online account. Log in to your account using the Log In button at the top of the page and click on View Personal Correspondence. You may access this letter and use the Activation Code if you wish to enroll before receipt of the mailed letter.
You may also access your letter with the Activation Code on the GaBreeze website in your Secure Participant Mailbox.
Alight Solutions LLC (Alight), the administrator of Peach State Reserves (PSR) plans, contracted with Quantum Color Graphics LLC (Quantum) as a vendor to print and mail your December 31, 2020 Personal Statement of Retirement Benefits.
A ransomware group exploited a vulnerability in one of Quantum’s network servers and obtained unauthorized access to the files on that server, including electronic copies of ERS member statements. The ransomware group published the information on the dark web.
When did this incident occur?
Timeline of Events:
- The server was compromised between August 17 and October 11, 2021.
- Quantum discovered the intrusion on October 22, 2021.
- Quantum notified Alight of the breach on November 4, 2021.
- Alight notified Employees’ Retirement System of Georgia (ERSGA) on November 18, 2021.
Who is impacted?
Your information was affected if you received an ERS Personal Statement of Retirement Benefits in 2021, as well as any beneficiaries you had on file.
Retirees were NOT affected.
What personal data was compromised?
ERS Active Members:
- Employee name
- Home mailing address
- Date of birth
- ERSGA Pension ID number
- Retirement account balance information
- Account beneficiary name and date of birth (if the information was on file)
- All other information contained in the Personal Statement of Retirement Benefits
- Date of Birth
Please note that Social Security Numbers were NOT included in the compromised data.
What has been done to address the issue and protect my data in the future?
- Law enforcement has been notified.
- Alight has confirmed that Quantum has fixed the vulnerability which allowed for the unauthorized access to their files. Alight also obtained confirmation from Quantum that all of Alight’s data have been deleted from its systems and that Quantum no longer holds or maintains your data in its systems.
- Alight has taken steps to ensure that strong controls are in place to monitor participant accounts and prevent improper distributions. Alight and ERSGA will continue to maintain strong security controls to protect your account from fraudulent transactions. These include providing prompt notification for account changes, requiring multifactor authentication for certain transactions requests, and a holding period when new bank accounts and mailing addresses are added to your account.
What about the data already published on the dark web?
Alight is providing the Alight Protection Program to affected members for your PSR 401(k) and/or 457 account(s), which will reimburse losses related to fraud that occur through no fault of your own, when you take steps to help us protect your account. You can learn more about the Alight Protection Program by visiting the Security Center at GaBreeze.ga.gov
Affected member are eligible for a free one-year membership to Experian’s IdentityWorks, which provides you with detection and resolution of identity theft. Please see the Notification Letter you were sent for the details of this program and how to enroll.
Is there anything I should do?
To protect your ERSGA account:
- Log in to your secure account on this website by clicking on the orange Log In button at the top of the page.
- Make sure your user name and password are strong and secure.
- Important Note: If you do not already have a secure account, please create one using the register button on the secure Log In page, and follow the instructions to create an account.
Enroll in the Experian protection plan by March 31, 2022:
- Enroll by: March 31, 2022
The activation code on your letter will not work after this date, so take action immediately!
- Visit the Experian IdentityWorks website to enroll: https://www.experianidworks.com/plus
- Activation code: Use the activation code on your letter. The unique code on your letter is your proof of eligibility for the Experian’s IdentityWorks.
Remain alert for fraud and identity theft:
Review your ERSGA paper statements and online statements on a regular basis. Keep track of your other accounts, and monitor your free credit reports. Be on the lookout for anything that seems suspicious, including potentially fraudulent communications claiming to be from ERSGA or from other people concerning your ERSGA retirement benefits.
Who can I contact if I have questions about this incident?
Contact the Customer Care Group here.
Who can I contact about Identity Theft and my personal information?
For fraud alerts and security freezes, you can contact the three credit reporting agencies below.
Visit www.experian.com or Call (888) 397-3742
Credit Fraud Center P.O. Box 9554 Allen, TX 75013
Visit www.equifax.com or Call (888) 766-0008
Consumer Fraud Division P.O. Box 740256 Atlanta, GA 30374
Visit www.transunion.com or Call 1 (800) 680-7289
TransUnion LLC P.O. Box 2000 Chester, PA 19022-2000
You may also contact they Attorney General’s office in your
state. You can find the contact information for your state
National Association of Attorneys General (NAAG)
You can also contact the FTC for general cybercrime