Due to a data breach at pension manager Blue Sky Group, personal data of tens of thousands of KLM employees has been exposed. This concerns, among other things, names, policy and bank account numbers and the pension amounts that employees had accrued. The attackers got in via a link in a phishing email.
Blue Sky Group is the pension manager of more than 53,000 KLM employees. It also manages the pension funds of employees who work for Philips and SNS Reaal. All in all, Blue Sky Group is responsible for the retirement provision of tens of thousands of Dutch people. This company has now been hit by a data breach.
The data breach was caused by human error. An employee opened a phishing email and clicked the malicious link in the message. In this way, hackers managed to gain control of the mailbox of the employee concerned and to gain access to the personal data of participants in the pension funds. According to Blue Sky Group, personal data of former employees who receive a pension were almost certainly stolen. A preliminary analysis shows that there is little chance that the personal data of other participants have been leaked from the pension fund.
Blue Sky Group says the leak was fixed immediately. In addition, the pension manager has taken measures to prevent a recurrence in the future. The data breach has now been reported to the Dutch Data Protection Authority. A police report is currently being prepared.
The pension funds for which Blue Sky Group takes care of the pension administration and their participants have been informed of the data breach. This also applies to the Blue Sky Eagle Fund, the investment fund for additional old-age provisions that the Blue Sky Group manages. The company does not want to say which data has been stolen. According to Tweakers.net, this includes names, policy and bank account numbers and pension amounts.
The pension manager regrets the situation and apologizes for any inconvenience the leak could cause to the victims. The company is asking everyone to be extra vigilant for emails, phone calls, text messages and other suspicious activity. People who are approached to provide login codes or personal data or to transfer money to an account, for example, must be very careful with this. The danger of identity theft lurks around the corner.
Blue Sky Group ends its press release with some tips to prevent fraud. First of all, the pension administrator advises looking closely for spelling or writing errors in e-mail addresses. For example, if you receive an e-mail from a sender who uses @bleuskygroup.nl, an alarm bell should immediately go off (the 'e' and 'u' are swapped in 'blue').
Furthermore, Blue Sky Group says that a pension fund never asks for passwords by e-mail or telephone. Participants will also not be approached through these channels to communicate changes or transfer money. Not sure if an email is genuine? Then contact the company: they can check whether the e-mail comes from them or not. What you should definitely not do is click on a URL that looks suspicious, for example because it was created via a link-shortening service like bit.ly.