Government pension fund systems offline for months after ransomware attack

The Government Employees Pension Fund (GEPF) suffered a cyberattack in February 2024, and it only expects to restore its self-service functionality by 21 June 2024.

A notice published on the GEPF’s social media pages says the self-service functionality on its web platform and app was still offline due to the data breach at the Government Pensions Administration Agency (GPAA).

“The GPAA has determined that a total rebuild of the platforms is necessary to ensure a stronger platform,” it said.

It is expected that the rebuilt platforms will be operational by 21 June.

“Members and pensioners are requested to visit the GEPF’s offices and call the call centre at 0800 117 669 for any inquiries about their pension until the systems are fully restored,” the GEPF said.

“We appreciate your patience and understanding as we work diligently to enhance our systems to serve you better.”

This will leave little time before the two-pot distribution, which will take effect on 1 September 2024.

It is expected to bring a flood of claims from qualifying government employees to withdraw funds.

The GEPF shut down its systems in late February 2024 following a GPAA security breach.

It said no data was compromised during the breach and that payments were unaffected. However, several of its systems remained offline.

MyBroadband asked about the outage at the time, and it explained that it shut down its systems as a prevention measure.

“There was no outage. However, the systems were shut down by our administrator as a security measure due to an attempt to gain unauthorised access to our systems,” it said.

The claim that no data was compromised was false. Ransomware gang LockBit released a 668GB archive it said contained data it stole from the agency in March 2024.

The GPEF released a statement shortly afterwards saying it was “extremely concerned” to hear about the data breach.

It said its administrator, the GPAA, had told it no data breach had occurred.

The Government Employees Pension Fund’s latest notice on the status of its systems

“The GEPF is extremely concerned with this alleged security breach, as it was informed by GPAA that no data breach had occurred when it was notified of an attempt to gain access to GPAA systems by unknown individuals on 16 February 2024,” it said.

“The GPAA subsequently established that this was an attempt by the ransomware group LockBit.”

LockBit dumped the data on the dark web on 11 March 2024. The group had given the GPAA until then to pay its extortion demands.

The LockBit group sells ransomware as a service (RaaS) software that malicious actors can buy to carry out attacks.

The software encrypts the victim’s data to demand a ransom. It also enables them to steal data before encrypting it so they can threaten to leak it publicly if their demands aren’t met.

Despite its initial claims of no outage, the GEPF systems were still offline in mid-April 2024.

When the system is down, government employees cannot log into the GEPF website or its smartphone app, leaving them clueless about the latest value of their pensions.

Several MyBroadband readers detailed the issue they experienced when attempting to access the system.

“We are still not able to log into the GEPF website and the cell phone apps. If you phone them, they won’t give pension statements. They don’t even reply to emails regarding statements,” one reader said.

“No government employee is able to see what their pension is sitting at.”

Latest news

Partner Content

Show comments


Share this article
Government pension fund systems offline for months after ransomware attack