Pension Benefit Information Notifies TIAA of MOVEit Data Breach Affecting Over 2.6 Million | Console and Associates, P.C. - JDSupra

Pension Benefit Information Notifies TIAA of MOVEit Data Breach Affecting Over 2.6 Million
LinkedIn
Facebook
Twitter
Send
Embed
On July 14, 2023, Teachers Insurance and Annuity Association of America (“TIAA”) filed a notice of data breach with the Attorney General of Maine after discovering that MOVEit, a file transfer program used by one of TIAA’s vendors, contained a vulnerability allowing unauthorized actors to access confidential information. In this notice, TIAA explains that the incident resulted in an unauthorized party being able to access consumers’ sensitive information, which includes their names and Social Security numbers. Upon completing its investigation, TIAA began sending out data breach notification letters to all individuals whose information was affected by the recent data security incident.

If you received a data breach notification from Teachers Insurance and Annuity Association of America, it is essential you understand what is at risk and what you can do about it. While TIAA didn’t use MOVEit, Pension Benefit Information, a third-party vendor used by TIAA, used the program to transfer confidential information provided to TIAA. This necessarily exposes affected parties to an increased risk of identity theft and other frauds. A data breach lawyer can help you learn more about how to protect yourself from becoming a victim of fraud or identity theft as well as discuss your legal options following the TIAA data breach. For more information, please see our recent piece on the topic here.

What Caused the Data Breach Affecting TIAA and Its Customers?
The TIAA / PBI data breach was only recently announced, and more information is expected in the near future. However, TIAA’s filing with the Attorney General of Maine provides some important information on what led up to the breach. According to this source, TIAA relies on certain services provided by other organizations. One of these companies is Pension Benefit Information. To allow PBI to perform these services, TIAA provides PBI with certain confidential information belonging to those who have a relationship with TIAA.

On May 31, 2023, Progress Software, the creator of MOVEit, announced a zero-day vulnerability within the MOVEit program. This vulnerability enabled hackers to access organizations’ MOVEit servers, including PBI’s. Because PBI was in possession of confidential information provided to the company by TIAA, certain individuals who have a relationship with TIAA had their information exposed to unauthorized access.

After learning that sensitive consumer data was accessible to an unauthorized party, PBI reviewed the compromised files to determine what information was leaked and which consumers were impacted. While the breached information varies depending on the individual, it may include your name and Social Security number. PBI then informed TIAA of the incident.

On July 14, 2023, TIAA sent out data breach letters to anyone who was affected by the recent data security incident. Again, none of TIAA’s computer systems were affected by the PBI data breach; all leaked information was stored on PBI’s MOVEit server.

More Information About Teachers Insurance and Annuity Association of America
Founded in 1918 and based in New York City, New York, the Teachers Insurance and Annuity Association of America is a provider of financial services in the academic, research, medical, cultural and governmental fields. TIAA operates its major operations out of offices in Denver, Colorado; Charlotte, North Carolina; and Dallas, Texas. TIAA employs more than 15,800 people and generates approximately $40 billion in annual revenue.