TIAA and TIAA Life are notifying customers about a cybersecurity incident involving Infosys McCamish Systems (IMS), one of their administrative support providers. The incident occurred between October 29 and November 2, 2023, when an unauthorized party gained access to IMS systems and data. After discovering the breach on November 2, IMS enlisted a third-party cybersecurity expert to investigate and contain the issue, and additional security measures were implemented. IMS completed the restoration of its services by December, ensuring no further unauthorized access.
Following a detailed investigation, IMS determined that certain personal information may have been exposed. While neither TIAA nor IMS have found evidence of fraudulent use of the affected data, the compromised information may have included sensitive details such as names, addresses, and other personal identifiers. To mitigate any risks of identity theft or fraud, TIAA is offering customers complimentary identity monitoring services through Kroll for two years. The monitoring includes credit monitoring, fraud consultation, identity theft restoration, and a $1 million fraud loss reimbursement.
TIAA has recommended that customers take proactive steps to protect their personal information. They advise reviewing credit reports and account statements for any unauthorized activity, enrolling in the identity monitoring services, and remaining cautious of suspicious communications. Customers are also advised not to respond to unsolicited calls, emails, or texts from individuals claiming to represent TIAA or IMS, as these could be phishing attempts. TIAA assures customers that it is working closely with IMS to prevent similar incidents from occurring in the future.
For additional support, TIAA has provided a dedicated call center through Kroll to assist affected individuals. Customers can contact Kroll for any questions related to the incident or the monitoring services available to them. TIAA has apologized for the concern and inconvenience caused by the incident and continues to prioritize the security of their customers’ personal information. The company has also outlined steps that individuals can take to safeguard their identity and credit moving forward.
Reference:
