A new class action lawsuit has been filed against the Teachers Insurance and Annuity Association (TIAA) and its life insurance subsidiary, alleging the company failed to adequately secure clients’ personal data, leading to a data breach in 2023. The suit, led by plaintiff Sara Spohnheimer, claims that an unauthorized third party accessed personally identifiable information (PII) of both current and former clients, including names, phone numbers, Social Security numbers, email addresses, job titles, and even social media profiles.
Spohnheimer argues that TIAA “intentionally, willfully, recklessly, and/or negligently” neglected to implement reasonable security measures, exposing clients’ sensitive information and increasing their risk of identity theft and fraud. According to the complaint, PII from the breach is highly vulnerable to misuse, as such data can be sold on the dark web, with some personal details fetching prices between $40 and $200, while bank details can sell for as much as $2,000.
Spohnheimer also contends that, had she known TIAA would not secure her information adequately, she would not have entrusted the company with her sensitive data. The lawsuit alleges that TIAA failed to meet regulatory standards and industry best practices for data protection, despite the company’s responsibility to do so.
The class action seeks to represent U.S. residents affected by the breach. This is not the first class action TIAA has faced, as in 2021, the company settled a $97 million suit over allegations it misled consumers into transferring retirement savings into high-fee accounts. The lawsuit underscores the mounting concerns over data security in financial services, with affected clients encouraged to share their experiences.
Reference:
