Regulation and Compliance Litigation

TIAA Hit With Second Class-Action Suit Over MOVEit Hack

News September 01, 2023 at 01:27 PM
Share & Print

TIAA has been hit with a second lawsuit over a data breach related to the cyberattacking exploiting MOVEit file-transfer software.

The first suit was filed on Aug. 8 in the U.S. District Court for the Southern District of New York, on behalf of former and current employees of companies that used TIAA to process benefits.

Plaintiff Steven Teppler, and the proposed other class members, filed the second suit Thursday in the same district court.

The suit "seeks to hold TIAA responsible for the injuries TIAA inflicted on Plaintiff and approximately 2.4 million similarly situated persons … due to TIAA's impermissibly inadequate data security, which caused the personal information of Plaintiff and those similarly situated to be exfiltrated by unauthorized access by cybercriminals" on May 29.

At least 1,006 organizations have reported MOVEit-related breaches as of Aug. 28, according to KonBriefing Research. Those reports have affected more than 49 million people.

The cybercriminals who breached the file transfer software are said to be part of the Cl0P crime group.

The suit contends that "prior to and through the date of the Data Breach, TIAA obtained Plaintiff's and Class Members' [personally identifiable information] and then maintained that sensitive data in a negligent and/or reckless manner," and that "as evidenced by the Data Breach, TIAA inadequately maintained its network, platform, software, and technology partners— rendering these easy prey for cybercriminals."

Plus, the suit states, "the risk of the Data Breach was known to TIAA," and "Thus, TIAA was on notice that its inadequate data security created a heightened risk of exfiltration, compromise, and theft."

After the data breach, the suit states, "TIAA failed to provide timely notice to the affected Plaintiff and Class Members — thereby exacerbating their injuries."

Ultimately, according to the suit, "TIAA deprived Plaintiff and Class Members of the chance to take speedy measures to protect themselves and mitigate harm. Simply put, TIAA impermissibly left Plaintiff and Class Members in the dark — thereby causing their injuries to fester and the damage to spread."

When TIAA "finally notified Plaintiff and Class Members of their PII's exfiltration, TIAA failed to adequately describe the Data Breach and its effects," the suit maintains.

As alleged in suits against other firms, the plaintiffs contend that their personal identifying information, like names and Social Security numbers, have been exposed, and that "armed with the PII stolen in the Data Breach, criminals can commit a litany of crimes."

Today, the suit states, "the identities of Plaintiff and Class Members are in jeopardy — all because of TIAA's negligence. Plaintiff and Class Members now suffer from a heightened and imminent risk of fraud and identity theft and must now constantly monitor their financial accounts."

TIAA did not respond to a request for comment.

(Image: Shutterstock) 

NOT FOR REPRINT

© 2024 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.

Related Stories

Morgan Stanley: Advisor Who Left for Raymond James Solicited Another Rep's Clients Fidelity Resolves Reg BI Suit With Fired Advisor Ex-Wells Fargo Rep Gets 3 Years in Prison for $4M Health Care Scheme Ex-Branch Manager Accuses Wells Fargo of 'Extreme and Outrageous' Conduct JPMorgan Goes After Ex-Broker for Taking Clients to Morgan Stanley Vanguard to Pay $40M in Target-Date Sell-Off Case

Resource Center

Can Systematic Risk Be Reduced? link

Guide

Can Systematic Risk Be Reduced?

The Business Model Playbook: Mastering Technology for Firm Success link

Playbook

The Business Model Playbook: Mastering Technology for Firm Success

Harnessing AI to Power Advisor-Client Relationships link

White Paper

Harnessing AI to Power Advisor-Client Relationships