TIAA-CREF E-Mail Breach

Attention all TIAA-CREF Retirement Plan Participants:


You should be receiving an important notice this morning via email from TIAA-CREF informing you that an unauthorized person from Epsilon, a vendor TIAA-CREF uses to send out mass emails, accessed a file containing first names, last names, and email addresses of some TIAA-CREF participants.  Please be assured that your TIAA-CREF accounts remain secure and have not been compromised.   However, affected participants may see more spam emails and phishing* attempts due to this breach.


Below are some additional precautions TIAA-CREF recommends participants follow:

  • Do not give your TIAA-CREF user ID or password in email.
  • Do not respond to emails that require you to enter personal or financial information directly into the email.
  • Do not reply to emails asking you to send personal information.
  • Do not use your email address as a login ID or password.
  • Do not respond to emails threatening to close your account if you do not provide personal information.


RCUH System Security


Additionally, RCUH employees should rest assure that all best practice security measures are taken to protect RCUH from attacks that could create similar data breaches that occurred with Epsilon.  We continuously re-evaluate these best practices for areas of improvement based on constantly evolving security threats.


Should you have any questions, please contact Kristen Stevens at (808)956-6979.






*phishing – A way of attempting to acquire sensitive/confidential information such as usernames, passwords, and financial banking information (i.e., account numbers, routing numbers, credit card numbers, etc.) by masquerading as your banking institution in an electronic communication.