Wednesday, February 21, 2024

Creating liberating content

The World’s First Malaria...

Malaria expert Brian Greenwood had once resigned himself to the possibility that...

Business travel management platform...

TravelPerk, a business travel management platform targeted at SMEs, has raised $105...
HomeTechnologySchools say US...

Schools say US teachers’ retirement fund was breached by MOVEit hackers


Two U.S. schools have confirmed that TIAA, a non-profit organization that provides financial services for individuals in academic fields, has been caught up in the mass-hacks targeting MOVEit file transfer tools.

Middlebury College in Vermont and Trinity College in Connecticut both released security notices confirming they experienced data breaches as a result of a security incident at the Teachers Insurance and Annuity Association of America, or TIAA. According to its website, TIAA serves over five million active and retired employees participating at more than 15,000 institutions and manages $1.3 trillion in assets in more than 50 countries.

Both of the security notices confirm that TIAA was affected by hackers’ widespread exploitation of a flaw in MOVEit Transfer, an enterprise file transfer tool developed by Progress Software.

The mass-hack has so far claimed more than 160 victims, according to Emsisoft threat analyst Brett Callow, including the U.S. Department of Health and Human Services (HHS) and Siemens Energy. Only 12 of these victims have confirmed the number of people affected, which already adds up to more than 16 million individuals.

Trinity College, which uses TIAA as the record keeper for its annuity plan, said in a statement that while its own systems were unaffected by the MOVEit hack, “TIAA, with whom Trinity shares student employee data, has announced that its files may be impacted.” Trinity said that it shared Social Security numbers and dates of birth with TIAA.

Middlebury College said it had also been notified by TIAA, with whom it shares personally identifiable information, that data belonging to the college had been exposed due to the cyberattack. While it hasn’t confirmed exactly what types of data were accessed, Middlebury said it notified college “students, faculty, and staff” whose information may have been compromised in the breach.

Middlebury confirmed it was also impacted by a MOVEit attack on National Student Clearinghouse, which resulted in the exposure of student data.

While TIAA notified affected schools of its security incident, the company has yet to publicly acknowledge the incident. In response to a Twitter user questioning the company’s silence, TIAA responded saying that its offices were closed. TIAA has not responded to TechCrunch’s questions.

It’s not yet known how many organizations have been impacted as a result of the cyberattack on TIAA. TIAA has not yet been listed on the dark web leak site of the Russia-linked Clop ransomware gang, which has claimed responsibility for the ongoing MOVEit cyberattacks.





Source link

Continue reading

The World’s First Malaria Vaccine Program for Children Starts Now

Malaria expert Brian Greenwood had once resigned himself to the possibility that a successful vaccine for the disease might not become available in...

Business travel management platform TravelPerk raises $105M

TravelPerk, a business travel management platform targeted at SMEs, has raised $105 million in a fresh equity-based round of financing led by SoftBank’s...