Teacher retirement fund TIAA impacted by MOVEit vulnerability

Middlebury College in Vermont and Trinity College in Connecticut have both confirmed that TIAA, a nonprofit financial services organization catering to individuals in academic fields, was affected by mass-hacks targeting MOVEit file transfer tools.

TIAA, which serves over five million active and retired employees across 15,000 institutions and manages $1.3 trillion in assets globally, experienced the breach due to hackers exploiting a vulnerability in the MOVEit Transfer tool developed by Progress Software.

TIAA stated that although it wasn't directly impacted by MOVEit, one of its third-party vendors, Pension Benefit Information (PBI), which handles auditing and beneficiary location services, was affected.

TIAA clarified that no information was obtained from its systems, and there was no risk to TIAA accounts.

Trinity College mentioned that while its own systems were unaffected, TIAA notified them of potential file impacts, as Trinity shares student employee data, including Social Security numbers and dates of birth, with TIAA.

Middlebury College also received a notification from TIAA stating that college data had been exposed in the cyberattack, affecting students, faculty, and staff, although the specific types of compromised data were not disclosed.

Middlebury College was also impacted by a MOVEit attack on National Student Clearinghouse, leading to student data exposure. TIAA has privately informed the affected schools but has not publicly acknowledged the incident.