The California Public Employees’ Retirement System (CalPERS) and the California State Teachers’ Retirement System (CalSTRS) recently notified hundreds of thousands of California retirees that their personal information was compromised in a major data breach.  The compromised information included names, Social Security numbers, dates of birth, and zip codes which is critical information that can easily lead to identity theft.  An interesting aspect of this particular data breach is that the computers of CalPERS and CalSTRS were not directly hacked.  Instead it was the computers of PBI Research Services which is a company used by both CalPERS and CalSTRS that was hacked through the exploiting of a vulnerability in software used by PBI Research.  This type of supply chain attack where cybercriminals attack third party vendors to get at your information is becoming more and more common.


If you were a victim of this data breach, here is a link to take you to information as to how to obtain free credit monitoring.

As I often say, it is not a matter of if your personal information will be compromised in a data breach, but when.  You are only as safe and secure as the weakest places that hold your personal information which is why whenever you get an email, text message or phone call in which you are asked to click on a link or provide personal information, you should remember my motto, ‘trust me, you can’t trust anyone.”  The risk of clicking on a malware infected link or providing personal information to a scammer or identity thief is too great unless you have absolutely independently confirmed that the communication is legitimate.

Freezing your credit is also something everyone should do.  It is free and easy to do.  In addition, it protects you from someone using your identity to obtain loans or make large purchases even if they have your Social Security number.  If you have not already done so, put a credit freeze on your credit reports at all of the major credit reporting agencies.  Here are links to each of them with instructions about how to get a credit freeze:

If you are in the mood to get scared you can go to the free website haveibeenpawned where you can find out what data breaches have affected you personally.

If you are not a subscriber to and would like to receive free daily emails with the Scam of the day, all you need to do is to go to the bottom of the initial page of and type in your email address on the tab that states “Sign up for this blog.”