Information on TIAA Kaspick Cyberattack

The University of Florida Foundation was notified on Thursday, June 29, of a global security breach that compromised the personal information of a small number of individuals. We are still collecting details of the incident, but the following is what we currently know:

  • One of the UF Foundation’s third-party vendors, TIAA Kaspick partner Pension Benefit Information (PBI), was a victim of a cyberattack that compromised sensitive personal information — names, Social Security numbers and dates of birth — of a small number of UF donors.
  • TIAA Kaspick, a recognized industry leader, is a service provider for the UF Foundation, performing services related to trust and annuity gifts for the benefit of the University. TIAA Kaspick partners with Pension Benefit Information (PBI) to provide these services.
  • The data was stolen from PBI by exploiting a software program used by PBI that held sensitive data.
  • Affected individuals will receive written notification from PBI.
  • There is no indication that UF was the target of the attack; more than 16 million people worldwide have been affected by this breach.
  • A federal investigation into the incident is ongoing.

We take immense pride knowing that donors trust us to manage gifts to the university with the utmost professionalism and integrity. More information concerning the breach will be posted here as it comes available.

In the meantime, please email the UF Foundation at if you have any questions.


How does the UF Foundation determine who can access donor information?
The UF Foundation maintains the Data Sharing & Application Policy (3.16) to govern the use of alumni and donor data across the university. Vendor partnerships are evaluated on a case-by-case basis, taking into the account the business purpose. The Foundation’s computer services and legal teams review all contract documents. All vendor partners are required to execute a confidentiality agreement.
Is there additional information that TIAA Kaspick has access to at risk?
TIAA Kaspick has reviewed its systems and believes it is not susceptible to the security vulnerability associated with this security incident. No information was obtained from TIAA Kaspick’s systems and TIAA Kaspick systems are not threatened.
Was the UF Foundation the only organization impacted?
No. Thousands of organizations worldwide were impacted.
Who can I contact if I have questions?
Please email