A data breach has occurred at Blue Sky Group (BSG), the administrator of the IFF Pension Fund, after hackers gained access to a mailbox via a phishing email. In addition, personal data of pensioners was almost certainly leaked, but perhaps also of participants who do not yet receive a pension.
After the discovery, BSG closed the leak and took measures to prevent a recurrence. The data breach has been reported to the Dutch Data Protection Authority (AP) and a report to the police is currently being prepared. All participants will be informed about the leak and its possible consequences.
No money or data is missing, but there is a chance that stolen personal data will be used for phishing activities. The board of the IFF Pension Fund asks you to be extra vigilance to e-mail traffic, telephone conversations, other text messages and events that may be suspicious and possibly lead to fraud. Never respond to “requests to provide login codes, requests for money transfers” or other attempts at misuse of identity. The IFF Pensioenfonds and BSG will never ask for passwords, login codes or transfer money by e-mail, telephone or otherwise.
BSG has tightened up its supervision of all activities related to the administration of pensions. The nature of the leaked data is now largely known.
BSG and IFF Pensioenfonds deeply regret that this incident occurred. For questions or additional information, you can contact BSG on working days from 8 a.m. to 7 p.m. via (020) 426 62 50 or datalek@blueskygroup.nl. You will find more information on the website www.blueskygroup.nl.
Some of you recently received a letter with a wrong website address. Please consider it unsent. You will receive the correct letter with the information on the data breach shortly. Our apologies for this mistake.