On June 27, 2018, the State of Connecticut Treasurer’s Office announced that about $1.4 million had been stolen from Connecticut Higher Education Trust (CHET) college-savings accounts. This theft resulted from data security breaches that occurred in early June, 2018.

Connecticut State Treasurer Denise L. Nappier confirmed that TIAA-CREF Tuition Financing Inc. (TIAA-CREF), the CHET Direct program manager, disclosed that 44 unauthorized withdrawals, totaling $1,416,635, had been made from 21 CHET accounts. State and federal agencies are conducting a coordinated investigation into the data security breach.

CHET account data and online systems are housed at and maintained by TIAA-CREF and its third-party service providers. TIAA-CREF has agreed to fully restore all affected CHET accounts and provide two years of identity fraud protection and identity restoration services, as well as $1 million in identity theft insurance coverage for the affected customers. TIAA-CREF reported that $442,540 of the unauthorized withdrawals had been recovered so far. Given that less than .01 percent of the CHET accounts were affected, the CHET security breach illustrates how significant financial losses can occur even when a cyber-attack affects only a tiny fraction of customer accounts.

Treasurer Nappier stated that this data security breach was the “first time that we are aware of fraudulent account activity in CHET’s 20+ year history.” The length of time that passed before CHET experienced its first security data breach underscores the importance of data security protection procedures and shows that a past history of zero cyber-attacks does not eliminate the risk of financial losses from future cyber-attacks.

This article co-authored with guest blogger Samuel C. Maduabueke, a Robinson+Cole summer associate and student at the University Of Connecticut School of Law.

Print:
Email this postTweet this postLike this postShare this post on LinkedIn
Photo of Norman Roos Norman Roos

Norman Roos, a member of Robinson+Cole’s Business Transactions Group, concentrates his practice on transactional, regulatory, and technology matters relating to the financial services and real estate industries. He is also a member of the firm’s Financial Services Cyber-Compliance Team and advises financial institutions…

Norman Roos, a member of Robinson+Cole’s Business Transactions Group, concentrates his practice on transactional, regulatory, and technology matters relating to the financial services and real estate industries. He is also a member of the firm’s Financial Services Cyber-Compliance Team and advises financial institutions concerning data privacy and security matters, particularly in relation to policy planning and implementation.

Mr. Roos is counsel to the Connecticut Mortgage Bankers Association, Inc., and is president-elect of the American College of Mortgage Attorneys where he has served on the Board of Regents and as Connecticut State Chair. A member of the Connecticut Bar Association, Mr. Roos is Past Chair of the Financial Institutions Law Section. He has served on a number of Connecticut Law Revision Study Committees including those on Uniform Common Interest Ownership Act, Electronic Communications, Mortgagor Liability, and Electronic Recording of Land Records. Read his full bio here.

Photo of Scott Baird Scott Baird

Scott M. Baird is an associate in the firm’s Business Transactions and Finance Groups, where his practice involves all aspects of corporate and securities law, including corporate governance, mergers and acquisitions, private equity and venture capital transactions, joint ventures, finance transactions, and securities…

Scott M. Baird is an associate in the firm’s Business Transactions and Finance Groups, where his practice involves all aspects of corporate and securities law, including corporate governance, mergers and acquisitions, private equity and venture capital transactions, joint ventures, finance transactions, and securities law and compliance. He focuses on new legislation as well as regulatory and compliance matters involving financial service institutions. Read his full rc.com bio.