diff --git a/input_data/financial_institutions.sql b/input_data/financial_institutions.sql
index d29c191..69eece2 100644
--- a/input_data/financial_institutions.sql
+++ b/input_data/financial_institutions.sql
@@ -120,7 +120,9 @@ insert into fiTbl (name,url,lst_kind,notes) values ('TD Ameritrade (TDA)','https
    ' and led to ransom demands and pump ''n'' dump stock scams; Scottrade also had a '||
    '[data breach in 2015](https://web.archive.org/web/20201123223450/https://fortune.com/2015/10/02/scottrade-data-breach), 2 years before TDA acquired it');
 
-insert into fiTbl (name,url,antitor,notes) values ('TIAA-CREF','https://tiaa-cref.org',1,'Whole site is Tor-hostile; uses Ally Bank for banking; uses Pershing LLC (a subsidiary of BNY Mellon Corp) for clearing');
+insert into fiTbl (name,url,antitor,notes) values ('TIAA-CREF','https://tiaa-cref.org',1,
+   'Whole site is Tor-hostile; uses Ally Bank for banking; uses Pershing LLC (a subsidiary of BNY Mellon Corp) for clearing;'||
+   ' BNY Mellon was [breached in 2008](https://web.archive.org/web/20160308134258/www.wctv.tv/news/headlines/28132494.html)');
 
 insert into fiTbl (name,url,aws,notes) values ('TradeStation','https://www.tradestation.com',1,
    'crypto; min. invest=$500 ($2k for bonus); open/close fee= $0/0; commission=$0.50/option trade; commission=$0-5/stock trade');
@@ -188,6 +190,7 @@ insert into fiTbl (fi_kind,name,url,cispa,dt,aws,notes)                  values
   'transactional site identity.metlife.com is not AWS');
 insert into fiTbl (fi_kind,name,notes)                                   values ('insurer','N&D Group','no website, only an access-restricted Facebook page');
 insert into fiTbl (fi_kind,name,url,antitor,aws,alec,foxnews,cispa,dt)   values ('insurer','Nationwide','https://nationwide.com',1,1,1,1,1,1);
+insert into fiTbl (fi_kind,name,url,aws,dt,notes)                        values ('insurer','New Jersey Manufacturers (NJM)','https://www.njm.com',1,1,'despite the name they are not limited to New Jersey');
 insert into fiTbl (fi_kind,name,url,antitor,dt)                          values ('insurer','Pemco','https://pemco.com',1,1);
 insert into fiTbl (fi_kind,name,url,antitor,foxnews,dt)                  values ('insurer','Progressive','https://progressive.com',1,1,1);
 insert into fiTbl (fi_kind,name,url,antitor,notes)                       values ('insurer','Safe Auto','http://www.safeauto.com',1,
diff --git a/usa_brokerages.md b/usa_brokerages.md
index 29c3174..80f6e2d 100644
--- a/usa_brokerages.md
+++ b/usa_brokerages.md
@@ -52,7 +52,7 @@ These brokerages have severe ethical or trust issues and should be boycotted:
 |Sogotrade|n|n|🌩|n|n||
 |Stockpile|n|n|🌩|n|n||
 |TD Ameritrade (TDA)|n|n|n|n|n|Majority owned by Charles Schwab, a firm that [supports](usa_banks.md) republicans, CISPA, drug tests their staff, and treats Tor users with hostility (but note that TDA functions over Tor). Schwab outsources banking operations to PNC bank, which is [quite evil](usa_banks.md); [uses MS Github](https://github.com/TDAmeritrade/stumpy) to host s/w; TDA has had several [data breaches](https://www.zdnet.com/article/report-td-ameritrade-data-leak-started-in-2005), one occurance of which leaked email addresses [impacting 6.2 million customers](https://web.archive.org/web/20130501215431/www.computerworld.com/s/article/9037083/TD_Ameritrade_was_warned_of_possible_data_breach_months_ago);  and led to ransom demands and pump 'n' dump stock scams; Scottrade also had a [data breach in 2015](https://web.archive.org/web/20201123223450/https://fortune.com/2015/10/02/scottrade-data-breach), 2 years before TDA acquired it|
-|TIAA-CREF|n|👁|n|n|n|Whole site is Tor-hostile; uses Ally Bank for banking; uses Pershing LLC (a subsidiary of BNY Mellon Corp) for clearing|
+|TIAA-CREF|n|👁|n|n|n|Whole site is Tor-hostile; uses Ally Bank for banking; uses Pershing LLC (a subsidiary of BNY Mellon Corp) for clearing; BNY Mellon was [breached in 2008](https://web.archive.org/web/20160308134258/www.wctv.tv/news/headlines/28132494.html)|
 |Tradingblock|n|n|🌩|n|n||
 |Wealthfront|n|n|n|n|n|**forced h/reCAPTCHA**; Registration imposes Google reCAPTCHA; [caught](https://www.jpost.com/Breaking-News/US-regulator-sanctions-robo-advisers-Wealthfront-Hedgeable-on-false-disclosures-575044) making false disclosures and [charged](https://www.eastbaytimes.com/2018/12/21/bay-area-robo-adviser-firm-wealthfront-charged-by-sec-with-false-advertising) for false advertising.|
 |Wealthsimple|n|n|🌩|n|n||
diff --git a/usa_insurance_companies.md b/usa_insurance_companies.md
index 546aa0e..efdd0e9 100644
--- a/usa_insurance_companies.md
+++ b/usa_insurance_companies.md
@@ -25,6 +25,7 @@ These insurers would normally be blacklisted, but due to the short whitelist the
 |Horace Mann|n|n|n|n|🧪|no website, only an access-restricted Facebook page|
 |[MetLife](https://www.metlife.com)|n|n|n|🕵|🧪|**Amazon AWS-hosted**; transactional site identity.metlife.com is not AWS|
 |[National General](https://www.nationalgeneral.com)|n|n|n|n|🧪|formerly GMAC|
+|[New Jersey Manufacturers (NJM)](https://www.njm.com)|n|n|n|n|🧪|**Amazon AWS-hosted**; despite the name they are not limited to New Jersey|
 |[Selective](https://www.selective.com)|n|n|n|n|🧪|pushes CloudFlare javascript, but apparently execution is optional.|
 |[Shelter Insurance](https://web.archive.org/web/shelterinsurance.com)|n|n|n|n|🧪|CloudFlare name server is used, which means they can trivially flip a switch to become a CF site.|
 |[Stewart Information Services Corporation](https://www.stewart.com/en.html)|n|n|n|n|🧪|**Amazon AWS-hosted**|