Tiaa.org

TIAA, a major financial services provider, was impacted by the MOVEit Transfer cyberattack through its third-party vendor Pension Benefit Information. The breach exposed sensitive personal data of participants in retirement plans. The incident occurred due to a zero-day vulnerability in the MOVEit software which allowed unauthorized access to files containing client information during May 2023. Impacted data included identity details and social security numbers for millions of individuals across various academic and non-profit institutions.