TIAA-CREF not true to their word?

08:42 PM EDT on Thursday, May 12, 2005

By ANNA CROWLEY / 6NEWS

6NEWS

TIAA-CREF thanked 6NEWS for bring errors in this statement to their attention

6NEWS uncovered new information Thursday about the way TIAA-CREF handled the security breach at its Charlotte firm when the investment giant discovered they hired a woman who had already been accused of pulling off a $200 million heist.

It was that same woman who had access to some of the company's most sensitive customer information.

TIAA-CREF is best known for managing the retirement of the national teachers and professors.

September 16, 2004 Sonia Howe Radencovich pleaded guilty to federal charges in Connecticut. Eleven days later, Radencovich was back in Charlotte. She walked into investment giant TIAA-CREF and started a new job.

No one at TIAA-CREF realized who she was or that Radencovich had just admitted to federal racketeering and money laundering charges and that after she was to complete her three month assignment at TIAA-CREF, she would report to a federal prison in West Virginia.

Two months into the job, Radencovich ran into someone who knew all about her past. By then TIAA-CREF said she had already downloaded sensitive data on 100 customers.

The breach didn't make the news for months. When it did, the company released a statement.

"As soon as the contract worker's identify became known she was dismissed and escorted from the premises, and her laptop confiscated and searched," the statement from TIAA-CREF said.

A lawsuit, obtained by 6NEWS, tells another story. Instead of calling the FBI about the breach, TIAA-CREF called in attorneys and their own private investigators. They asked Sonia to turn over her lap top. She refused and denied any wrongdoing.

The quick glance she eventually gave them only made TIAA-CREF more interested.

The company sued to find out what she had on that computer.... saying that given her criminal history "there is the great likelihood the defendant will further use, transfer, disclose, or destroy TIAA-CREF’s confidential and other proprietary information."

More than a week after Radencovich left TIAA-CREF; she still had not turned over her laptop. TIAA-CREF refused to say when they finally got the chance to fully examine her computer.

What Radencovich did with that sensitive customer information after her identity was discovered….it is likely no one will ever truly know for sure.

6NEWS also learned that Radencovich did not just allegedly download information on her laptop, but on two USB drives as well. TIAA-CREF did get access to her laptop, but they did not tell 6NEWS if they had access to the USB drives. Experts said that's a big problem.

As for TIAA-CREF’s original statement that they discovered Radencovich’s identity, escorted her from the building, and confiscated her laptop, the company said the statement is an innocent mistake and they thank 6NEWS for bringing attention to the inaccuracy.

TIAA-CREF adds there is no evidence that any fraud has been committed with the stolen information.