Committed to protecting your data – now and always

Protecting your data

Securing your accounts

Providing customer assurance*

Your information
Play video
Cybersecurity Overview

We protect your personal information

  • TIAA's Security Operations Center provides fast, accurate, thorough and non-stop protection from cyber attacks
  • Stringent security patching practices address vulnerabilities that attackers try to exploit
  • Data loss prevention controls help ensure data doesn't fall into the wrong hands
  • Robust supplier risk management practices help ensure our suppliers adhere to our expectations
Your accounts

Accounts are protected from unauthorized access

TIAA's log-in security strategy provides faster and more accurate prevention and detection of cybercriminal access techniques.

  • 24x7 security monitoring alerts us to potential issues
  • Industry threat intelligence helps us stay ahead of attacks
  • Established technologies provide efficient prevention, detection and response
  • Multifactor authentication (MFA) is always on to help ensure only you can log into your account

Something you know

Like your username, password, SSN or date of birth

Something you have

Like your registered laptop, smartphone or tablet PC

Something you are

Like voice, facial or fingerprint biometrics

Best Practices - TIAA is going passwordless

TIAA is now offering more secure passwordless access option.

TIAA is going passwordless! That’s right…by making the decision to go passwordless, you will limit the hassle of resetting forgotten passwords. Instead, you will have the opportunity to create a passkey that is unique to your specific device which you can use each time you access your account.

In reality, passwords put you more at risk due to the use of the same password for multiple accounts, especially if your password is ever stolen. Removing the need to use a password will add security to your account and better protect your TIAA assets.

If you choose to go passwordless, the experience is easy. Once prompted, you’ll be guided through a few simple steps to create your passkey using the biometric capabilities of your device.

Once you have created your passkey you now have a simpler, safer, and more seamless way to access your accounts.

For more information on how to stay safe online visit tiaa.org/security.

Further strengthen your authentication

Additional verification factors can be added for increased account security.

Add a Trusted Contact

A Trusted Contact is someone age 18 or older who you know and trust who will act as a point of contact should we become concerned about your well-being, whereabouts, or in extreme circumstances, where we suspect you may be the victim of fraud or exploitation.

Assurance

TIAA provides assurance if an incident occurs

You are reimbursed for any loss due to unauthorized access.*

  • View TIAA's Customer Protection Policy
  • State and Federal law-based incident response and notifications
  • Credit monitoring and identity theft repair if your data is breached
  • Regulatory oversight, independent audit and certification of alignment with industry expectations
Resources

Resources to protect your online interactions

Strengthen your defenses against cybercriminals by increasing awareness and remaining vigilant.

Report a security concern

Suspicious account activity

Let us know about unauthorized access, issues with your balance, or other security issues.


Call us at 800-842-2252, weekdays, 8 a.m. – 10 p.m. (ET)

Suspicious email

To report a suspicious email, please email us at abuse@tiaa.orgOpens Email.

Resources

We gathered a list of fraud investigative agencies, major credit bureaus and other resources.Opens dialog

Responsible Disclosure policy**

If you are a security researcher and believe you have identified a vulnerability affecting TIAA, please submit a report here.Opens in a new window For other technology related security issues, you can contact us at security@tiaa.orgOpens Email

*Our practice is to reinstate a client's TIAA account in full if there is a loss that is determined to be the result of unauthorized activity through no fault of the client.

**You are about to leave TIAA’s website and access a website that is unaffiliated with TIAA.  TIAA does not assume responsibility or liability for the content or privacy policies of external sites.

4003664-0526