We regret to inform you that the administrator of your pension fund, Blue Sky Group, has unfortunately been affected by a data breach. This means that personal data has unintentionally fallen into the hands of people outside Blue Sky Group. In this news release we would like to inform you about this issue. As well as about the (possible) consequences and what you can do to protect your data.
Nature of the data breach
Currently it is almost certain that the groups affected by this data breach are pension receiving participants or participants who applied for value transfer. The leaked data concerns names, participant numbers, bank accounts and pension benefits amounts. Based on current research it is unlikely that participants who are not receiving pension yet were affected by this data breach. Nonetheless we share this information with all participants.
The data breach was caused by malicious persons who were able to gain access to a mail box by means of a phishing e-mail. After discovery, we closed the breach and took immediate measures to prevent any recurrence. We have also tightened our supervision of all activities related to the administration of your pension. The data breach has been reported to the Dutch Data Protection Authority and a report to the police is currently being prepared.
(Possible) consequences
As part of our duty of care, we feel obliged to notify you of the data breach. Please be extra alert to any possible attempt of fraud using your personal information. In particular, be extra alert with regard to e-mail traffic, telephone calls, other text messages or events that could be suspicious and could lead to fraud. For example, if you receive requests to state your log in code, or transfer money. Given the nature of the personal data leaked, the possibility of identity fraud is limited.
What can you do to prevent fraud?
The basic rules that will assist you and us to prevent fraud are:
- Carefully check the e-mail address, the identity of the server and for any spelling errors. Criminals may try to present themselves as Blue Sky Group or your pension fund;
- Blue Sky Group and your pension fund will never ask for passwords by e-mail or ask you to provide notification of changes by e-mail (including of course requests to transfer money);
- If in doubt, contact us to check whether an e-mail is authentic;
- Report phishing and any other fraudulent activities to us, so that we can take further measures accordingly.
Information on this is also available at https://mijn.overheid.nl/veiligheid.
Notification of all our participants is one of the measures we, together with your pension fund, have taken to limit the consequences of this data breach. If we have a new update on the data breach that may be relevant to you, we will contact you again.
Blue Sky Group deeply regrets this data breach and we apologise for this lapse, and any trouble that it may cause you.
Questions?
If you have questions or would like more information, we will be pleased to help. You can contact us on business days between 08.00 am and 19:00 pm on (020) 426 62 50 or by e-mail to datalek@blueskygroup.nl. You can find more information on this issue (and on your pension) on this website.
FAQ
Based on the questions we have received and the information we currently have, we have drawn up a list of the most frequently asked questions and answers. If there is reason to do so, we will expand this list.
Blue Sky Group (BSG) takes care of, among other things, our pension administration, answers your pension questions, collects the pension premium from your employer and arranges your pension benefit. The records show, among other things, since when you joined the pension scheme, how much pension you have accrued and your address details. This only contains information that is necessary to properly administer your pension rights.
Employers are legally obliged to accommodate the pension scheme for their employees outside their own company. This way, the pension is safe if the employer gets into financial trouble. Your pension fund works together with BSG for this.
There was a data breach at our pension administration organization Blue Sky Group after malicious persons were able to gain access to a mailbox via a phishing email. This means that personal data has come into the hands of people outside Blue Sky Group without intention.
This almost certainly concerns data such as names, bank account and policy numbers and pension amounts of participants who receive a pension or participants for whom a value transfer has taken place. It follows from a preliminary analysis that no personal data has been leaked from participants who have not yet retired.
There is a possibility that those who have obtained certain personal data, will try to impersonate someone else. They can use this to approach companies or banks, for example. All companies are very aware of that these days.
Another possibility is that they approach you by email or telephone, pretending to be Blue Sky Group or your pension fund. From the preliminary analysis, it appears that your phone number or email address is not in the files. It is important to keep in mind the usual rules of thumb in this area:
The rules of thumb that can help you and us to prevent fraud are:
- Pay close attention to the email address, sender and spelling mistakes. Criminals can impersonate Blue Sky Group or your pension fund.
- Blue Sky Group or your pension fund never asks for passwords or changes by e-mail or telephone (including transferring money).
- Do not transfer money to other account numbers than you did before and do not share confidential information by e-mail.
- If in doubt, please contact us to verify that a request or email is authentic.
Report phishing and any other fraudulent activity to us so that further action can be taken.
No, your pension is not at risk. You don't have to worry about this. They had no access to the administration.
No data has disappeared. All your data is still available to us, so that we can continue to do our work for you. However, this data may have been copied and in the hands of malicious parties.
It is not necessary to change your password. Passwords are not part of the leak.
Blue Sky Group, our pension administrator, has reported the incident to the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) and filed a report with the police.
It is not possible to remove your personal data from our administration. We need your data for the implementation of the pension scheme.
We don't know who the hackers are. We are not in contact with them.
All data that may have been leaked will be analysed. Blue Sky Group has engaged a specialized research agency for this.
Blue Sky Group, our pension administrator, has taken a series of measures to minimize the chance of a recurrence.