Oklahoma pension fund loses $4.2 million to cybertheft
- Cybercriminals have stolen $4.2 million from Oklahoma pension funds. These funds were meant for retired Oklahoma Highway Patrol Troopers and other state law enforcement officers.
- FBI is investigating the cybertheft, while the Oklahoma Law Enforcement Retirement system has promised that this would not affect the beneficiaries.
Computer hackers have stolen $4.2 million in funds from a pension system for retired Oklahoma Highway Patrol Troopers and other state law enforcement officers. The pension system, Oklahoma Law Enforcement Retirement System (OLERS,) has nearly 1,500 retirees and more than $1 billion in funds.
A notice was posted on the OLERS website that announced that the FBI is actively investigating this cybercrime.
“However, we are certain the stolen funds will be recovered. Most importantly, no pension benefits to members or beneficiaries have been impacted or put at risk. All benefits will continue to be paid in a timely fashion as always,” says the notice.
How did it happen?
Duane A.Michael, executive director of OLERS said that the cybercrime happened on August 26.
- First, the attackers hacked the email account of an OLERS employee.
- The attackers then stole funds managed by an investment manager, on the behalf of OLERS.
- As soon as the cybercrime was detected, the employee’s account was terminated before notifying the FBI.
“The total diversion was $4.2 million. Of that, we've recovered $477,000,” Michael told The Oklahoman.
Aftermath of the attack
OLERS employees are being given adequate training to prevent further cybersecurity breaches from happening. The employee whose account was hacked was not named, but Michael assured that the employee was not fired. Also, in response to this attack:
- The state Office of Management and Enterprise Services, whose email system OLERS is using, and the FBI refused to comment on the situation.
- Donelle Harder, the spokesperson for the governor, said that they were continuing to unify all state agencies in a single cybersecurity system.