Clop Conquers Cybervershin Under Tiaa’s Watch

Tiaa Data Breach: Millions of Customers’ Information Compromised

July 25, 2022

Another organization has reported that the Clop hackers group fell victim to the Moveit hacks. Tiaa (Teachers Insurance and Annuity Association) confirmed on Friday that personal data of over 2.63 million customers had been stolen.

Only three weeks ago, Tiaa claimed to have minimized the impact of the attack. Chad Peterson, spokesperson of Tiaa, stated on July 4, “There was no leakage of any information from TIAA systems, and the systems themselves were not affected by the vulnerability of Moveit Transfer.”

However, Peterson now admitted that the information provided by Tiaa to third parties might have been compromised. He stated, “We did not observe any unusual activity associated with this.”

Consequently, Tiaa seemingly abandoned its previous optimistic stance and filed an application with Maine authorities, acknowledging that the personal information of 2,630,717 people, including 17,640 state residents, could have been stolen by the Clop hackers group.

Moveit Transfer is a file management software. The attackers exploited a vulnerability in the code that should have already been fixed, granting them unauthorized access.

This vulnerability involves an injection of structured queries (SQL, Structured Query Language), a common type of error utilized in the execution of malicious programs. It allows for easy manipulation of files and internal storage facilities.

Tiaa is a Fortune 500 company that provides financial services to approximately five million pensioners and professionals in the academic education, medical, scientific, and public administration sectors. Established in 1918, the company serves clients across more than 15,000 institutions, with total assets estimated at around $1.3 trillion.

/Reports, release notes, official announcements.