Not enough plan sponsors and plan providers talk about cyberattacks and they should.

The massive MOVEit cyberattack breached the personal data of millions of participants in public pension and private-sector workplace retirement plans.

The cyber attack by the Russian ransomware gang Clop, exploited vulnerabilities in the MOVEit file transfer application used by Pension Benefit Information LLC and other vendors to securely transfer encrypted files.

The breach has impacted public pensions systems in at least 10 states, including the California Public Employees’ Retirement System, Sacramento, and California State Teachers’ Retirement System, West Sacramento, affecting almost 1.2 million participants and beneficiaries; retirement plans in Tennessee, Rhode Island, Virginia and others. Several record keepers were also affected by the hack, including Fidelity Investments, Teachers Insurance and Annuity Association of America, and Corebridge Financial, formerly AIG Life & Retirement.

To date, at least 3.8 million participants in public pension and private-sector retirement plans are known to have been affected.