‘Ransomware’ Attack Hits Multiemployer Pension Plan

Daily Labor Report® is the objective resource the nation’s foremost labor and employment professionals read and rely on, providing reliable, analytical coverage of top labor and employment...

By Rhonda Smith

Nov. 10 — Computer hackers gained access to a pension plan affiliated with Missouri-based Schnucks, Dierbergs Markets and Shop ‘n Save supermarkets, potentially affecting 18,630 participants, the UFCW said.

“We’ve increased our security and conducted an investigation,” Collin Reischman, a spokesman for United Food and Commercial Workers Local 655 in Ballwin, Mo., told Bloomberg BNA Nov. 10. “We’re not remotely close to being panicky here because we have no reason to think anyone’s information was taken.”

Cybersecurity for pension plans has been a priority for the ERISA Advisory Council, which advises the Department of Labor on employee benefit issues. The council on Nov. 10 made its final cybersecurity recommendations to the DOL.

Data potentially taken during the “ransomware” attack against Local 655 in July included current and former employees’ names, dates of birth, Social Security numbers and bank account information, the union announced late Nov. 9.

Hacker Demanded Bitcoins

The security breach, which targeted the UFCW Local 655 Food Employers Joint Pension Plan, occurred when an unidentified hacker took control of one of the union’s computer servers and demanded three bitcoins to enable it to work again, Reischman said. The value of three bitcoins is about $2,000, according to the Bitcoin Price Index.

The UFCW determined that an unauthorized user gained access to its server a week before the ransomware attack, he said.

The multiemployer pension plan contains about $560 million in assets, according to the latest UFCW data.

The union used a backup server while a third-party forensics analyst investigated the breach and secured Local 655’s computer system, Reischman said. It didn’t pay the ransom, he said.

As an additional precaution, the UFCW is offering plan participants access to 12 months of credit monitoring and identity-theft restoration services at no charge, the union’s statement said.

Local 655 also has established a dedicated telephone assistance line so participants can ask questions and learn more about the security breach.

To contact the reporter on this story: Rhonda Smith in Washington, D.C. at rsmith@bna.com

To contact the editors responsible for this story: Peggy Aulino at maulino@bna.com; Terence Hyland at thyland@bna.com

Copyright © 2016 The Bureau of National Affairs, Inc. All Rights Reserved.