Hacker hits Georgia state database

31.03.2006
An unpatched flaw in a 'widely used security program' was exploited by an unknown hacker to gain access to a Georgia Technology Authority (GTA) database containing confidential information on more than 570,000 members of the state's pension plans.

The intrusion occurred sometime between Feb. 21 and Feb. 23 and involved a hacker who used 'sophisticated hacking tools' to break through several layers of security after accessing the server hosting the database via the software flaw, said Joyce Goldberg, a GTA spokeswoman.

Goldberg refused to name the security vendor whose software was exploited, citing an ongoing investigation. She added, however, that the vulnerability exploited by the hacker had already been publicly disclosed by the vendor.

'We were in the midst of fixing the flaw that the software vendor had identified. But the hacker got in before we were able to do that,' she said. 'Shortly after the breach, we saw some unusual activity, and in looking at that, we discovered the breach.'

Goldberg declined to elaborate on what that unusual activity was.

The breached server contained information on a total of eight pension plans administered by the state. The core database itself was managed by the state Employees Retirement System, though the server it was hosted on was administered by the GTA.