TIAA latest big firm to report data breach and hack

TIAA latest big firm to report data breach and hack
“Data security remains a top priority at TIAA," says company spokesperson.
OCT 02, 2024

TIAA, the retirement giant for university professors and other non-profits, is the latest big firm to report clients’ private information that has been targeted as a result of hackers.

According to the Maine Attorney General’s office in a posting on its website last Friday, TIAA reported a data breach that affected 8,977 customers, with 81 being Maine residents.

TIAA has $1.2 trillion in client assets, according to the company’s website.

The data breach occurred on October 29, 2023, and was reported four days later, with the incident described as an “external system breach” or “hacking” on the Maine Attorney General’s website that lists such incidents.

According to a letter to TIIA clients, the cybersecurity incident occurred at Infosys McCamish Systems, or IMS, one of TIAA and TIAA Life’s administrative support services providers.

“Between October 29, 2023, and November 2, 2023, IMS was impacted by a cybersecurity incident in which an unauthorized party gained access to IMS systems and data,” according to the letter., which was signed by Ali Iqbal, president, TIAA-CREF Life Insurance Co. “On November 2, 2023, IMS became aware of the incident and retained a third-party cybersecurity expert to investigate and assist with containment.”

In the form letter, the information about what specific TIAA client information was at risk is not listed. TIAA has provided clients with two years of free identity monitoring services, according to the letter.

“Infosys McCamish Systems notified TIAA that some TIAA and TIAA Life retail customers - not institutional plan participants - were impacted during McCamish’s November 2023 cybersecurity incident,” a TIAA spokesperson wrote in an email. “There was no involvement whatsoever of TIAA’s systems or recordkeeping platform.”

“We have alerted those affected customers, and IMS has secured Kroll’s services to provide identity monitoring services at no cost to them,” the spokesperson wrote. “Data security remains a top priority at TIAA.”

Data breaches that potentially clients’ private information at risk are becoming a fact of life across the financial services industry. Interactive Brokers and JP Morgan Chase this year reported compromised sensitive financial information.

“Firms must take preventive measures with technological and physical control over data,” said Lisa Roth, president, Monohan & Roth, a compliance consulting firm. “Then comes a lot of training of advisors to be wary of off channel communications and other pathways hackers can enter through.”

“Also, breach reporting is extremely important,” Roth said. “Firms must have that stipulation in any contract with a third party vendor, consultant or CRM provider.”

Latest News

SEC bars ex-broker who sold clients phony private equity fund
SEC bars ex-broker who sold clients phony private equity fund

Rajesh Markan earlier this year pleaded guilty to one count of criminal fraud related to his sale of fake investments to 10 clients totaling $2.9 million.

The key to attracting and retaining the next generation of advisors? Client-focused training
The key to attracting and retaining the next generation of advisors? Client-focused training

From building trust to steering through emotions and responding to client challenges, new advisors need human skills to shape the future of the advice industry.

Chuck Roberts, ex-star at Stifel, barred from the securities industry
Chuck Roberts, ex-star at Stifel, barred from the securities industry

"The outcome is correct, but it's disappointing that FINRA had ample opportunity to investigate the merits of clients' allegations in these claims, including the testimony in the three investor arbitrations with hearings," Jeff Erez, a plaintiff's attorney representing a large portion of the Stifel clients, said.

SEC to weigh ‘innovation exception’ tied to crypto, Atkins says
SEC to weigh ‘innovation exception’ tied to crypto, Atkins says

Chair also praised the passage of stablecoin legislation this week.

Brooklyn-based Maridea snaps up former LPL affiliate to expand in the Midwest
Brooklyn-based Maridea snaps up former LPL affiliate to expand in the Midwest

Maridea Wealth Management's deal in Chicago, Illinois is its first after securing a strategic investment in April.

SPONSORED How advisors can build for high-net-worth complexity

Orion's Tom Wilson on delivering coordinated, high-touch service in a world where returns alone no longer set you apart.

SPONSORED RILAs bring stability, growth during volatile markets

Barely a decade old, registered index-linked annuities have quickly surged in popularity, thanks to their unique blend of protection and growth potential—an appealing option for investors looking to chart a steadier course through today's choppy market waters, says Myles Lambert, Brighthouse Financial.