Some Jackbag "Hacked" IPERS

Seriously?! They hacked the Iowa Public Employees Retirement System? I cannot think of a better way to piss off the very agencies capable of doing something about cybercrime. I mean, c'mon. The guys running those departments are probably only a few years from collecting IPERS payments themselves. Point in case: It took less than 24 hours for them to call in the FBI.

"IPERS learned of the cybercrime on Tuesday," the story in Wednesday's Des Moines Register says. "...federal law enforcement agencies have been asked to investigate."

You're playing with fire here, hackers.

Actually, what happened wasn't really what I would call a "hack" at all. It was the result of identity theft.

When I think of hacking, I think of some overweight dude with acne scars and Cheetos stains lounged back in a threadbare office chair he found on a curb during spring cleanup clicking and typing away on a computer with the lights off in his mom's basement while drinking Red Bull by the case and trying to write some computer code to circumvent the IPERS website's security system.

"I'll teach you government types to fire me for being late to work every day for a month!" he says through gritted teeth as he keystrokes another cyber attack.

But apparently that's not at all what happened. The IPERS site itself wasn't compromised in that way. According to the article in the paper:
"...while the retiree accounts were compromised, IPERS' computer system was not hacked."
No, in this case some jackass (or asses, we don't know the perpetrators yet) managed to get their hands on a bunch of retirees' social security numbers and personal information and used it to gain access to those members' IPERS accounts. Once inside, these "hackers" simply changed the bank accounts to which pension payments were to be sent and voila!, these cybercriminals pocket a hundred grand or so. They'd have gotten more too had it not been for the quick response from the good folks at IPERS, as reported in the paper:

"Donna Mueller, IPERS' chief executive officer, said in an email that she is proud that the IPERS' staff quickly identified the affected accounts, isolated the problem and worked with banks to recover the money, and then reissued payments to the 103 retirees."
I'd have to agree with CEO Mueller on this one. Good work, guys!

Good thing too because winter is coming and there are time shares in Florida and Arizona to pay for. And no, I'm not being snarky. I'm jealous. I aspire to also become a snowbird when I retire, assuming there's an IPERS left to retire on before I'm 95.

But in all seriousness, this kind of crap is happening all over the place. Nothing is sacred anymore. The more dependent we become on online systems, the more vulnerable we make ourselves. The technology improves faster than our ability to manage it. All it takes is one little leak of personal information. One misplaced or mishandled document containing a social security number. One unencrypted file and BAM! cyber-catastrophe (which is often followed by a cyber-witch-hunt).

And if you happen to be someone responsible for protecting such information - which just about anyone in an executive or management position would be - then even a little breach in security can be pinned on you.

Or on the flip side, if your personal information was contained in the breach, you may not even know it. Many data breaches go unnoticed until the stolen information is used fraudulently and your pension check goes to someone else's account. By then, you're already behind and having to play defense while trying to clean up the mess caused by the "hack."

So what's a person to do? Burn all your internet-connected devices and keep your pension savings in box under your bed?

Umm, no.

After all, without internet, how would you read this blog and learn all this profound information? Besides, that ship has sailed. You pretty much don't have a choice but to accept that online banking and automated deposits are non-negotiable ways of doing business anymore.

Really about the only thing you can do is be vigilant. Do your best to protect your personal information. Cross your fingers that those institutions that do have your information keep it safe, and maybe try to do business only with the ones that seem to have a handle on that kind of security (although, as we've seen, nothing is really "safe" these days).

Also, keep an eye on your accounts and your credit reports (now you know why there's so many ads for free credit report services). Luckily for me, I'm like 60 years from being able to retire so I don't have to worry about monthly pension checks. Instead, I protect my identity by living paycheck to paycheck which requires me to check my bank account at least every biweekly payday to make sure I'm not completely broke and can afford to pay bills this month. I know about how broke I should be after each bill-paying session so I'd notice if there were fraudulent charges on any of my accounts.

Maybe that's the key to preventing identity theft: be broke all the time.

You know, maybe I'm on to something here. Maybe congress should pass a law that requires anyone who steals an identity has to steal ALL OF IT. Not just the assets, but the debts too. The entire net worth.

Oh you stole my identity, jackass? Great! It's yours now. You just earned yourself a hundred grand worth of debt, bitch!

Maybe that'd at least make these "hackers" think twice about who's identities they're taking. If an ounce of prevention is worth a pound of cure, what's a hundred grand of debt worth? I'd like to think it's worth looking for someone else to steal from.

And if it is, I'm gonna go buy something expensive. On credit. You know, for my protection.

Enjoying these articles? Subscribe here and Feedburner will deliver Outdoor Executive Dad updates right to your inbox. No hacking required.