An anonymous reader quoted a TechCrunch report: Two American schools confirmed that TIAA, a non-profit organization that provides financial services to individuals in academic fields. MOVEit was caught in mass hacks targeting file transfer devices. Middlebury College in Vermont and Trinity College in Connecticut have both issued security notices confirming that they experienced data breaches due to a security breach caused by the Teachers Insurance and Annuity Association of America, or TIAA. According to its website, TIAA serves more than five million active and retired employees participating in more than 15,000 institutions and manages $1.3 trillion in assets in more than 50 countries.
Both security announcements confirm that TIAA was affected by widespread exploitation by hackers of a flaw in MOVEit Transfer, an enterprise file transfer tool made by Progress Software. According to Brett Callow, a risk analyst for Microsoft, including the US Department of Health and Human Services (HHS) and Siemens Energy, this mass hack has killed more than 160 victims so far. Only 12 of these victims have confirmed the number of victims, which already includes more than 16 million individuals.
While TIAA has notified the affected schools of the security incident, the organization has yet to officially acknowledge the incident. In response to a Twitter user who questioned the company’s silence, TAA said its offices were closed. It is not yet known how many organizations were affected by the cyber attack on TAA. The Russian-linked Klopp ransomware group that claimed responsibility for the MOVEit cyberattacks has yet to be listed on the dark web by TIAA.