Clop conquered another cybertop – this time under the gun TIAA organization

Another organization informed that she was the victim of an attack by a group of hackers Clop as a result of hacking the MOVEit platform. TIAA (Teachers Insurance and Annuity Association) admitted on Friday that the data of more than 2.63 million of its customers have been stolen.

Just three weeks ago, the TIAA said they had managed to minimize the impact of the attack. “No information was leaked from TIAA’s systems, and the systems themselves were not affected by the MOVEit Transfer vulnerability,” spokesman Chad Peterson said on July 4.

However, Peterson now admits that information provided to the organization by third parties may have been compromised: “We did not observe any unusual activity related to this.”

As a result, TIAA appears to have backed off from its earlier optimistic stance, filing a complaint with Maine state officials stating that the personal information of 2,630,717 people, including 17,640 residents of the state, may have been stolen by Clop.

MOVEit Transfer is a file transfer management software. A vulnerability in the code, which should have already been fixed, allowed the attackers to gain access to these data.

This vulnerability is a Structured Query Language (SQL) injection, a type of bug often used to inject malware. This makes it very easy to manipulate files and internal storage.

TIAA is a Fortune 500 company that provides financial services to approximately five million retirees and professionals in academia, medicine, science, and government. Founded in 1918, it serves its client base in over 15,000 institutions. The association’s assets were recently valued at around $1.3 trillion.