Cyber Threat Radar – TIAA, a leading retirement organization for university faculty and various non-profit entities, has become the most recent major company to disclose that clients’ confidential information has been compromised due to hacking activities. According to the company’s website, TIAA has $1.2 trillion in client assets.
The Maine Attorney General’s office announced on its website last Friday that TIAA experienced a data breach impacting 8,977 customers.
The data breach took place on October 29, 2023, and was reported four days afterward. The incident has been characterized as an “external system breach” or “hacking” on the Maine Attorney General’s website, which documents such occurrences.
Infosys McCamish Systems (IMS) Letter To TIAA Clients
A letter addressed to TIIA clients indicates that a cybersecurity incident took place at Infosys McCamish Systems (IMS), which serves as one of the administrative support service providers for TIAA and TIAA Life.
The letter signed by Ali Iqbal, president, TIAA-CREF Life Insurance Co. stated:
- IMS was impacted by a cybersecurity incident between October 29, 2023 and November 2, 2023, in which an unauthorized party gained access to IMS systems and data.
- IMS became aware of the incident on November 2, 2023 and retained a third-party cybersecurity expert to investigate and assist with containment.
- TIAA clients will be offered complimentary identity monitoring services for a duration of two years.
Information about what specific TIAA client information was at risk remains undisclosed.
“Data breaches that jeopardize clients’ private information have become a common occurrence in the financial services sector,” commented Liam Davenport, Enterprise Cybersecurity Solutions Director, SentryBay. “This year, several financial institutions have disclosed incidents involving the compromise of sensitive financial data. It is essential for firms to implement preventive strategies that include both technological safeguards and physical controls over their data.”
Armored Client From SentryBay
SentryBay’s Armored Client is the OEM at the heart of Citrix App Protection, and is now proven protection against infostealer malware for Microsoft AVD and W365 endpoints. The solution utilises endpoint access isolation to defend against data breaches in a manner which does not impact on performance and includes Keylogging and Screen Capture protection.