Education Security

Schools Say US Teachers' Retirement Fund Was Breached By MOVEit Hackers (techcrunch.com)

An anonymous reader quotes a report from TechCrunch: Two U.S. schools have confirmed that TIAA, a nonprofit organization that provides financial services for individuals in academic fields, has been caught up in the mass-hacks targeting MOVEit file transfer tools. Middlebury College in Vermont and Trinity College in Connecticut both released security notices confirming they experienced data breaches as a result of a security incident at the Teachers Insurance and Annuity Association of America, or TIAA. According to its website, TIAA serves more than five million active and retired employees participating at more than 15,000 institutions and manages $1.3 trillion in assets in more than 50 countries.

Both of the security notices confirm that TIAA was affected by hackers' widespread exploitation of a flaw in MOVEit Transfer, an enterprise file transfer tool developed by Progress Software. The mass-hack has so far claimed more than 160 victims, according to Emsisoft threat analyst Brett Callow, including the U.S. Department of Health and Human Services (HHS) and Siemens Energy. Only 12 of these victims have confirmed the number of people affected, which already adds up to more than 16 million individuals.

While TIAA notified affected schools of its security incident, the organization has yet to publicly acknowledge the incident. In response to a Twitter user questioning the organization's silence, TIAA responded saying that its offices were closed. It's not yet known how many organizations have been impacted as a result of the cyberattack on TIAA. TIAA has not yet been listed on the dark web leak site of the Russia-linked Clop ransomware gang, which has claimed responsibility for the ongoing MOVEit cyberattacks.

  • by fropenn ( 1116699 ) on Friday June 30, 2023 @05:34PM (#63647366)

    response to a Twitter user questioning the organization's silence, TIAA responded saying that its offices were closed

    ...they could have notified the hackers that they were closed?

  • The number of leaks from big "data transfer" services like Accellion and MOVEit leaves me wondering why not fall back to mailing disk drives? With what Elon Musk just did to Twitter it looks like posting the entire dataset into tweets would be safer than using these services.
    • Because some data needs to get from point A to point B within minutes, not the hours or days it would take to ship, fly or drive from point A to point B.
      • This is what sftp, scp, and SSH are good for. Alice has a machine on her DMZ, forwarding a port via autossh to a cloud-based VM where traffic prices are low. Bob also forwards his SSH port to that machine. All versions of SSH use key-only authentication, and the VM is protected by network ACLs to only allow SSH from Alice's and Bob's IP address ranges. From there, ssh -j is used to copy files.

        As an additional precaution, files can be encrypted and signed, and the signature verified on the recipient's s

        • by tlhIngan ( 30335 )

          This is what sftp, scp, and SSH are good for. Alice has a machine on her DMZ, forwarding a port via autossh to a cloud-based VM where traffic prices are low. Bob also forwards his SSH port to that machine. All versions of SSH use key-only authentication, and the VM is protected by network ACLs to only allow SSH from Alice's and Bob's IP address ranges. From there, ssh -j is used to copy files.

          OK, now convince an IT department to do just that. And assume the firewall only allows port 80 and 443 through, and

          • by ctilsie242 ( 4841247 ) on Friday June 30, 2023 @11:55PM (#63647904)

            Windows has SSH built in these days. GNU Privacy Guard isn't, but done right, that might not have to be used. With just that, and some PowerShell scripting, one could do file transfers between two orgs.

            For hosting uploads and downloads, just the fact that MOVEit has so much internal access is asking for issues. Even something like an Avid appliance (long since gone) where it would allow users to upload/download to the appliance, which was on the DMZ, would be better. Yes, one couldn't just send a file from their desktop, but allowing a direct channel from an internal desktop to/from an external user is asking for a compromise, without something like a hop box or an FTP appliance. No, it isn't point-and-click easy, but it would greatly reduce the available attack surface.

            Even IBM has dedicated file transfer appliances which would be functionally similar to MOVEit, but because they work as proxies between an external user and an internal one, they add value when it comes to security.

  • Did the hackers wear their teacher-demanded face guards & masks while stealing that retirement data-money?

    /sarcasm

  • Everybody knows these have been compromised for many years so no company or government organization uses them for authentication any more. If they were still using them then there would be class action lawsuits, right?
    • Ever since the Equifax breach that revealed the name, SSN, and DOB of 147M US citizens (just over half of Americans), 15M British citizens, and 19k Canadian citizens.
  • The developers and marketers of any defective software that allowed hackers to gain access should be held criminally and legally responsible. This would result in the use of tighter code and safer programming practices. In virtually any other market defective products are recalled with reimbursement and the purchasers of these products have legal resources to recover their losses.
  • I didn't realize the fund changed names. It's confusing as it now conflates the org and the fund.
