News release

Update data breach: the investigation is still ongoing

14 September 2021

The pension fund previously informed you about the data breach at Blue Sky Group, our pension administration organisation. All data that may have been leaked will be analysed. Blue Sky Group has engaged a specialized research agency for this. This analysis takes time. So far, the analysis has not yielded any new information. If there is new information about the data breach that may be relevant to you, you will hear from us.

Nature of the data breach

As previously reported to you, the data breach almost certainly resulted in the leakage of personal data of participants who receive a pension or for whom a value transfer has taken place. This concerns data such as names, bank account and policy numbers and pension value. Given the nature of the leaked personal data, the chance of identity fraud is limited.

From a preliminary analysis follows that there is little chance that personal data of participants who have not yet retired have been leaked.

We ask you to be extra alert to suspicious phone calls, e-mails and letters. We repeat once again the rules of thumb that can help you and us to prevent fraud:

  • When you receive an email, pay close attention to the email address, the sender of the email, and spelling errors. Criminals can impersonate Blue Sky Group or your pension fund;
  • Blue Sky Group or your pension fund never asks for passwords or changes by e-mail or telephone (including transferring money);
  • When in doubt, please contact us to verify that a request or email is authentic
  • Report phishing and any other fraudulent activity to us so that we can take further action.

We will inform you if there is new information relevant to you

The specialized research agency analyzes all data that may have been leaked. So far, the analysis has not yielded any new information. If new information that is relevant to you emerges from the analysis, you will hear from us.

Do you have any questions?

We are happy to help you. You can reach us on workdays between 8.30 a.m. and 5 p.m. via 020 426 63 20 or pensioenservice@pensioenfondsstaples.nl

Want to know more?

Frequently Asked Questions

Based on the questions we have received and the information we currently have, we have drawn up a list of the most frequently asked questions and answers. If there is reason to do so, we will expand this list.

  • Blue Sky Group (BSG) takes care of, among other things, our pension administration, answers your pension questions, collects the pension premium from your employer and arranges your pension benefit. The records show, among other things, since when you joined the pension scheme, how much pension you have accrued and your address details. This only contains information that is necessary to properly administer your pension rights.

    Employers are legally obliged to accommodate the pension scheme for their employees outside their own company. This way, the pension is safe if the employer gets into financial trouble. Your pension fund works together with BSG for this.

  • There was a data breach at our pension administration organization Blue Sky Group after malicious persons were able to gain access to a mailbox via a phishing email. This means that personal data has come into the hands of people outside Blue Sky Group without intention.

  • This almost certainly concerns data such as names, bank account and policy numbers and pension amounts of participants who receive a pension or participants for whom a value transfer has taken place. It follows from a preliminary analysis that no personal data has been leaked from participants who have not yet retired.

  • There is a possibility that those who have obtained certain personal data, will try to impersonate someone else. They can use this to approach companies or banks, for example. All companies are very aware of that these days.

    Another possibility is that they approach you by email or telephone, pretending to be Blue Sky Group or your pension fund. From the preliminary analysis, it appears that your phone number or email address is not in the files. It is important to keep in mind the usual rules of thumb in this area:

    The rules of thumb that can help you and us to prevent fraud are:

    • Pay close attention to the email address, sender and spelling mistakes. Criminals can impersonate Blue Sky Group or your pension fund.
    • Blue Sky Group or your pension fund never asks for passwords or changes by e-mail or telephone (including transferring money).
    • Do not transfer money to other account numbers than you did before and do not share confidential information by e-mail.
    • If in doubt, please contact us to verify that a request or email is authentic.

    Report phishing and any other fraudulent activity to us so that further action can be taken.

  • No, your pension is not at risk. You don't have to worry about this. They had no access to the administration.

  • No data has disappeared. All your data is still available to us, so that we can continue to do our work for you. However, this data may have been copied and in the hands of malicious parties.

  • It is not necessary to change your password. Passwords are not part of the leak.

  • There are no risks for your own PC, laptop or tablet. 

    U loopt geen risico met uw eigen PC, laptop of tablet. Het datalek heeft plaatsgevonden op de servers van Blue Sky Group en niet op die van individuele deelnemers. Wel is het van belang om alert te blijven en niet in te gaan op vragen naar gebruikersnamen en wachtwoorden.

    Pensioenfonds Staples en Blue Sky Group vragen u nooit via mail of telefoon om uw gegevens te wijzigen en vragen nooit naar gebruikersnamen en wachtwoorden.

  • Blue Sky Group, our pension administrator, has reported the incident to the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) and filed a report with the police.

  • It is not possible to remove your personal data from our administration. We need your data for the implementation of the pension scheme.

  • We don't know who the hackers are. We are not in contact with them.

  • All data that may have been leaked will be analysed. Blue Sky Group has engaged a specialized research agency for this.

  • Blue Sky Group, our pension administrator, has taken a series of measures to minimize the chance of a recurrence.