Helpful Articles

Console & Associates, P.C.: MOVEit Vulnerability Results in TIAA Data Breach Impacting 2.6 Million People

The Teachers Insurance and Annuity Association of America, also known as TIAA, has suffered a major data breach. The news comes from a notice of data breach the organization filed with the Attorney General of Maine on July 14, 2023. According to the details of the notice, this is another breach related to the MOVEit file transfer program. While TIAA’s network was not breached, one of its vendors used the MOVEit tool and suffered from a day-zero vulnerability in May. According to the TIAA data breach investigation, the leak includes the names and Social Security numbers of 2.6 million people.

If you’re associated with the Teacher’s Insurance and Annuity Association of America, you may receive a data breach notification letter from them. It’s vital that you keep this letter somewhere safe, read it in detail. This may include issuing a credit freeze and monitoring your financial accounts. If you still have questions or want to consider seeking compensation through a TIAA data breach lawsuit, call our data breach lawyers at 866-778-5500 or send us an email to

To learn more about the TIAA data breach, read our blog post here:

The Cause of the TIAA Data Breach

The origin of the TIAA data breach starts on May 31, 2023, when the MOVEit data breach first became public knowledge. This was the day the creator of the tool announced a day-zero vulnerability that had compromised the data of companies using the tool.

Pension Benefit Information (PBI) handles the sensitive data of many large corporations and organizations such as TIAA, and it uses MOVEit to transfer these files securely. Shortly after Progress Software announced the vulnerability, PBI began discovering that the data of many of its corporate clients had been compromised.

From here, they informed the clients and, in turn, the TIAA data breach investigation began. Now, the organization is among the latest to publicize that they and their associates are victims of the MOVEit leak. To date, over ten million people have been confirmed as impacted and new reports continue to come in.

For TIAA, this breach meant the loss of data for 2.6 million people associated with the organization. Roughly six weeks after the original breach, the organization publicized the event and began sending out data breach letters to those whose names and/or Social Security numbers were compromised.

If you received such a letter, take care to read it in detail and verify that your SSN and name were leaked. Victims can and should opt into 24 months of Experian Identityworks credit protection services, courtesy of TIAA. It will help protect you from identity theft in the short-term, and won’t take away from your right to pursue compensation in court. You can find the answers to your questions and learn your rights by scheduling a free consultation with the data breach lawyers of Console & Associates, P.C.

Background Information on TIAA

The Teachers Insurance and Annuity Association of America is a New York City-based organization dating back to 1918. It provides financial services in various public fields, such as academia, culture, and governmental services. The company also covers financial services related to the research and medical fields. The organization has major operations in Colorado, North Carolina, and Texas, counts almost 16,000 among its employees, and has an annual revenue of approximately $40 billion.


If TIAA and PBI mishandled your data or otherwise contributed to this data breach, you may be entitled to damages. A TIAA data breach lawsuit could potentially include damages for financial loss, time spent dealing with identity theft risks, and emotional suffering. Call 866-778-5500 or send us an email to, and we’ll help you schedule a consultation with our TIAA data breach lawyers. Learn your rights and decide if legal action is the right choice for you.

About the Author
Richard Console
Posted - 07/25/2023