TIAA Hit With Another Class-Action Suit Over MOVEit Hack

Further, the suit states, “the risk of the Data Breach was known to TIAA,” and “Thus, TIAA was on notice that its inadequate data security created a heightened risk of exfiltration, compromise, and theft.”

After the data breach, the suit states, “TIAA failed to provide timely notice to the affected Plaintiff and Class Members — thereby exacerbating their injuries.”

Ultimately, according to the suit, “TIAA deprived Plaintiff and Class Members of the chance to take speedy measures to protect themselves and mitigate harm. Simply put, TIAA impermissibly left Plaintiff and Class Members in the dark — thereby causing their injuries to fester and the damage to spread.”

When TIAA “finally notified Plaintiff and Class Members of their PII’s exfiltration, TIAA failed to adequately describe the Data Breach and its effects,” the suit maintains.

As alleged in suits against other firms, the plaintiffs contend that their personal identifying information, like names and Social Security numbers, have been exposed, and that “armed with the PII stolen in the Data Breach, criminals can commit a litany of crimes.”

Today, the suit states, “the identities of Plaintiff and Class Members are in jeopardy — all because of TIAA’s negligence. Plaintiff and Class Members now suffer from a heightened and imminent risk of fraud and identity theft and must now constantly monitor their financial accounts.”

TIAA did not respond to a request for comment.