Delivering service
Delivering service
The Cayman Islands Chamber of Commerce Pension Plan is committed to being a responsible custodian of the information you provide to us and the information we collect in the course of operating and providing our pension services.
On 13 November 2020 we became aware that during a routine upgrade of the software used by the Plan’s administrator MUFG, a configuration error meant that certain members were able to access limited member details not related to their own accounts through the self-service portal. MUFG took immediate steps to close down the portal to all members while this system error was investigated.
We are very sorry that this has happened and would like to share the following information to reassure all members that their personal information remains secure. There is no action you need to take, but if you have any further questions or concerns please contact us at 345-943-9125 or 345-943-9130 or by email to pensions@chamberpension.ky
The member registry system used to administer the Chamber Pension Plan is facilitated by MUFG as administrator for the plan.
On 7 November 2020, MUFG engaged a third party provider to migrate the registry system software to the latest version. As part of the migration, the employer/employee self-service portal was disconnected from the old version of the software and connected to the updated version. An error in the configuration of the self-service reports available through the portal following the software update meant that certain members were able to access limited member details not related to their own accounts during the five day period from 8 to 13 November 2020.
MUFG has identified that 13 members accessed the online portal and generated either a pdf, csv or excel export of the List of Employees by Employers which was available to them.
Those reports contained the following information:
During the same period, 15 members attempted to generate the Employer Statement in either pdf, csv or excel. However, only five of those members selected a date range that produced reports for the following periods:
1-Jan-20 |
7-Nov-20 |
1-Jan-19 |
31-Dec-19 |
30-Mar-20 |
11-Nov-20 |
1-Jan-20 |
11-Nov-20 |
30-Jun-20 |
11-Nov-20 |
Those employer reports contained:
One member generated both the employee report and the employer statement.
No bank information, credit or debit card information, contact information, pension balance information, beneficiary information or other personal information was accessed.
There is no action that you need to take.
There is no evidence that any member accounts have been compromised by an external third party. We have put in place additional monitoring measures and will contact you immediately if there is any unusual activity with your account.
Although the risk of identity theft or financial fraud is extremely low based on the information that was accessed, we are offering all members the option to sign up to a third party identity fraud monitoring service at no direct cost to the members. Please email admin@pensions.ky by January 31, 2021 if you would like us to subscribe on your behalf.
Additional security verification measures have been introduced for all members for telephone enquiries and password resets. We are working alongside MUFG and their provider to ensure that the systems are tested and operational as soon as possible, and also to understand how such an incident came about and what can be done to prevent it in future.
The root cause of this incident has been confirmed as a configuration issue and this is being resolved. An external, independent security assessment will then be conducted to verify that the issue has been resolved successfully.
If you have any additional questions please contact us at 345-943-9125 or 345-943-9130 or send an email to pensions@chamberpension.ky