Breach cyber

TIAA-CREF Life Insurance Company

May 29, 2023 1 min read
TIAA-CREF Life Insurance Company

The Washington State Office of the Attorney General reported a data breach involving TIAA-CREF Life Insurance Company on August 2, 2023. The breach occurred between May 29, 2023, and May 30, 2023, affecting the personal information of 904 Washington residents, including names, Social Security numbers, dates of birth, addresses, and gender. The breach resulted from unauthorized access to MOVEit Transfer software by a third party.

Source: https://www.atg.wa.gov/data-breach-notifications | https://data.wa.gov/resource/sb4j-ca4h.json?id=15464

TPRM report: https://www.rankiteo.com/company/tiaa

"id": "tia437072825",
"linkid": "tiaa",
"type": "Breach",
"date": "5/2023",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"
{'affected_entities': [{'customers_affected': 904,
                        'industry': 'Financial Services',
                        'location': 'Washington',
                        'name': 'TIAA-CREF Life Insurance Company',
                        'type': 'Insurance Company'}],
 'attack_vector': 'Unauthorized Access',
 'data_breach': {'number_of_records_exposed': 904,
                 'personally_identifiable_information': True,
                 'sensitivity_of_data': 'High',
                 'type_of_data_compromised': ['names',
                                              'Social Security numbers',
                                              'dates of birth',
                                              'addresses',
                                              'gender']},
 'date_detected': '2023-08-02',
 'date_publicly_disclosed': '2023-08-02',
 'description': 'The Washington State Office of the Attorney General reported '
                'a data breach involving TIAA-CREF Life Insurance Company on '
                'August 2, 2023. The breach occurred between May 29, 2023, and '
                'May 30, 2023, affecting the personal information of 904 '
                'Washington residents, including names, Social Security '
                'numbers, dates of birth, addresses, and gender. The breach '
                'resulted from unauthorized access to MOVEit Transfer software '
                'by a third party.',
 'impact': {'data_compromised': ['names',
                                 'Social Security numbers',
                                 'dates of birth',
                                 'addresses',
                                 'gender']},
 'initial_access_broker': {'entry_point': 'MOVEit Transfer software'},
 'references': [{'date_accessed': '2023-08-02',
                 'source': 'Washington State Office of the Attorney General'}],
 'threat_actor': 'Third Party',
 'title': 'Data Breach at TIAA-CREF Life Insurance Company',
 'type': 'Data Breach',
 'vulnerability_exploited': 'MOVEit Transfer software'}
Published by
Jeremy C
Jeremy C
You might also like
Breach cyber

Gainsight

public 2 min read
Gainsight experienced a security breach involving its Salesforce-connected app, where suspicious activity was detected. While the company’s CEO, Chuck…
Jeremy C Jeremy C
Breach cyber

Gainsight

public 2 min read
Gainsight, a customer success platform, suffered a breach linked to its Salesforce-connected app, initially flagged by Salesforce due to unusual…
Jeremy C Jeremy C
Breach cyber

Gainsight

public 2 min read
Gainsight, a customer success management software firm, experienced a breach in its systems that compromised Salesforce customer tokens. The incident…
Jeremy C Jeremy C
Great! Next, complete checkout for full access to Rankiteo Blog.
Welcome back! You've successfully signed in.
You've successfully subscribed to Rankiteo Blog.
Success! Your account is fully activated, you now have access to all content.
Success! Your billing info has been updated.
Your billing was not updated.