TIAA.org 2023 Data Breach

TIAA MOVEit Vendor Breach (2023): ~2.5M Retirement Clients' SSN, DOB & Home Address Exposed via PBI/Clop | ObscureIQ
ObscureIQ Breach Intelligence

Classification Tags

Cl0pWeb Application ExploitFinancialDate of BirthFull NameGenderPhysical AddressSocial Security Number
High SeverityWebsite / service breach

TIAA MOVEit Vendor Breach (2023): ~2.5M Retirement Clients' SSN, DOB & Home Address Exposed via PBI/Clop

Financial services organization focused on retirement, investment, and insurance products.

Verified by ObscureIQ Intelligence
60/100Breach Risk Index
33Data Value
25Market Recency
602dSince Breach

Breach Intelligence Summary

Entity: TIAA.org · Actor: Cl0p · Sources: 2 references
Attack: Web Application Exploit
Profile: Financial institution · Retirement and financial services · Investment and pension provider · USA
Timeline: Breach (2023-05-31) · Year (2023)
Exposure: 2.5M records · 5 fields: Date of Birth, Full Name, Gender, Physical Address, Social Security Number
Status: Confirmed

Executive Summary

In late May 2023, the Cl0p ransomware group exploited a zero-day vulnerability in the MOVEit Transfer software (CVE-2023-34362) used by TIAA's third-party vendor, PBI Research Services, exfiltrating data on approximately 2.3-2.6 million TIAA clients (the record reflects 2,464,625). Exposed data included names, Social Security numbers, dates of birth, addresses, and gender. TIAA notified affected individuals about six weeks later and offered 24 months of credit monitoring and identity restoration; a class-action lawsuit followed. This was a supply-chain/vendor breach, not a direct compromise of TIAA systems. (A separate, smaller incident exposed workforce data for ~23,000 employees.)

ObscureIQ assessment: Severe risk. Exposure enables retirement-account fraud, identity theft, benefits abuse, and targeted scams against people with stable long-term assets.

Breach Impact

The exposure of Social Security numbers, dates of birth, names, and addresses for roughly 2.5 million TIAA clients creates severe, long-horizon identity-theft and synthetic-identity-fraud risk, made more acute because the affected population tends to hold stable long-term retirement assets attractive to fraudsters. The vendor origin (PBI/MOVEit) also highlights third-party supply-chain risk in financial services, and the incident drew significant litigation and regulatory attention.

About TIAA.org

TIAA (Teachers Insurance and Annuity Association of America) is a large U.S. financial-services organization providing retirement, investment, and insurance products, primarily serving people who work in the academic, research, medical, cultural, and nonprofit fields. Founded in 1918 and headquartered in New York, it administers retirement accounts, pensions, and annuities, maintaining highly sensitive identity, employment, beneficiary, and financial records for millions of participants.

Why They Hold Your Data

Retirement and investment providers collect highly sensitive identity, employment, beneficiary, account, pension, and financial records across long-term savings and benefits administration systems.

Recent Developments

The exposure stemmed not from a direct compromise of TIAA but from its third-party vendor PBI Research Services during the 2023 MOVEit zero-day campaign. TIAA notified affected individuals (criticized for a roughly six-week delay), offered 24 months of credit monitoring and identity restoration, and faced a class-action lawsuit. A separate, much smaller incident exposed workforce data for roughly 23,000 employees.

Data Points Exposed

5 verified field types
Date of Birth High
Full Name High
Gender
Physical Address High
Social Security Number Critical

Field names are shown in full for clarity and search visibility. Canonical machine keys are emitted only in this page’s structured data.

Exploitation & Downstream Threats

Threat Activity:Critical
Primary downstream threats:
  • Identity theft and synthetic identity construction using SSN, DOB, name, and address
  • Retirement- and pension-account fraud and targeted scams against long-term savers
  • Identity verification bypass using name + date of birth
  • Targeted phishing and vishing impersonating TIAA or its vendors
  • Doxxing and physical targeting from exposed home addresses
Threat vectors:
  • Full identity theft & synthetic identity fraud
  • Retirement & investment account fraud
  • Identity verification bypass
  • Name-based social engineering
  • Physical stalking, mail fraud & identity verification
  • Home targeting, stalking & physical threat

Threat Actor: Cl0p

Cl0p
Web Application Exploit

Attribution and method are based on available breach intelligence. Reported attack vector: Web Application Exploit.

Recommended Actions

If you believe your information may be included:

Protect Your ID Documents
Government-ID exposure enables document fraud — monitor and report misuse.
Enable MFA Everywhere
Turn on multi-factor authentication on email first, then financial accounts.
Report & Recover
If you spot misuse, start an official recovery plan and report fraud.

Frequently Asked Questions

What happened in the TIAA.org breach?

In late May 2023, the Cl0p ransomware group exploited a zero-day vulnerability in the MOVEit Transfer software (CVE-2023-34362) used by TIAA's third-party vendor, PBI Research Services, exfiltrating data on approximately 2.3-2.6 million TIAA clients (the record reflects 2,464,625). Exposed data…

What data was exposed?

Verified fields include Date of Birth, Full Name, Gender, Physical Address, Social Security Number.

What should I do if I was affected?

Change reused passwords, enable MFA, and (if identity or financial data is involved) freeze your credit and monitor your accounts.

Sources & References

Every claim on this page is traceable. This breach draws on:

Breach Index
DataBreach.com
Record & field corroboration
ObscureIQ Intelligence
ObscureIQ proprietary analysis
Risk Index scoring & downstream-threat assessment

Protect Yourself

Check If You're Affected

Enter your email to check whether your data appears in this breach. We’ll send a 6-digit code to confirm it’s your address.

Get Free Breach Alerts

Be the first to know when new breaches are disclosed. Free forever — confirm your email with a 6-digit code.

High-Risk? Get an Exposure Audit

Executives, public figures, and high-visibility operators can receive tailored exposure intelligence and hardening guidance.

Request Consultation