RICHMOND, Va. (WRIC) — The Virginia Retirement System (VRS) is maintaining that active members were not affected by the recent data breach. It comes after WFXR’s sister station, 8News’ original coverage of the breach on Aug. 29.
For that story, 8News cited VRS’ website which said, “active members were not affected by this incident.”
Below is a screenshot of VRS’s website at the time:
Since then, a woman, who identified herself as a current public school teacher in Central Virginia, reached out to 8News casting doubt on that claim.
She said she received a letter from Pension Benefit Information (PBI), the company contracted by VRS that was hacked, saying her personal information was involved in that cyberattack.
So, to clear things up, we took viewers’ concerns to VRS.
In an email, a spokesperson told us, “VRS does not share active member files with PBI as the service we contract for is only applicable to retirees, beneficiaries and survivors.”
However, the spokesperson did say, “Active members may receive a letter from PBI if they are receiving a retirement benefit after the death of a retiree.”
Additionally, the spokesperson said, “Active members participating in long-term care insurance with Genworth may receive a letter.” Genworth is an insurance company available to VRS members.
The spokesperson added Genworth, not VRS, will appear as the entity affected in the letter.
As a result of our questions, VRS has made changes to its website. The following screenshot was taken of the VRS website on Aug. 31st at 4:30 p.m. — You’ll notice the sentence claiming “active members were not affected by this incident” has been removed.
8News will continue covering the VRS incident as more information is revealed.