
COLLECTED WISDOM™ on Cybersecurity Risks and Liabilities

This is a collection of articles, papers, and commentaries on cybersecurity risks and liabilities for employers, retirement plan sponsors and fiduciaries.

This archive contains not only the most current material on the topic, but also older items that are still relevant, provide background, perspective or are germane to the topic.

If you find a broken link or an item that you feel is outdated, irrelevant or no longer appropriate, please let us know.


DOL Steps Into the Cybersecurity Discussion

In the face of cybersecurity challenges, many plan sponsors and administrators have considered ways to mitigate risk. In recent years, it has been suggested that the DOL should provide its perspective on fiduciary responsibilities for cybersecurity. Until now, the DOL has been largely silent on these matters but has now stepped into the discussion with three pieces of guidance aimed at three different audiences.

Source: Erisapracticecenter.com, April 2021

Cybersecurity Program Best Practices

The DOL has prepared these best practices for use by recordkeepers and other service providers responsible for retirement plan-related IT systems and data, and for plan fiduciaries making prudent decisions on the service providers they should hire.

Source: Dol.gov, April 2021

Cybersecurity: New DOL Guidance for Retirement Plans

As part of its efforts to protect an estimated $9.3 trillion in retirement plan assets from increasing internal and external cybersecurity threats, the DOL has issued its first guidance ever concerning cybersecurity and retirement plans. The guidance is intended for three interested groups with a stake in retirement plan administration: the sponsors and fiduciaries of retirement plans, the entities providing administrative and other services to retirement plans, and plan participants and beneficiaries.

Source: Bradley.com, April 2021

DOL Issues First Ever Cybersecurity Guidance

The DOL issued guidance on cybersecurity for the first time to help plan sponsors, fiduciaries, service providers, and participants protect personal information and retirement assets. In the guidance, the DOL identifies evaluating cybersecurity practices as part of the plan sponsor's or other plan fiduciary's duty to prudently select and monitor plan service providers and states that ensuring proper mitigation of cybersecurity risks is a fiduciary obligation. The guidance is provided in three documents.

Source: Benefitsnotes.com, April 2021

DOL Issues Cybersecurity Best Practices for ERISA Covered Retirement Plans

The DOL issued much-anticipated cybersecurity guidance for employee retirement plans. This comes more than four and a half years after the ERISA Advisory Council, a 15-member body appointed by the Secretary of Labor to guide employee benefit plans, shared with the federal DOL some considerations concerning cybersecurity. The essence of the guidance is reviewed here.

Source: Benefitslawadvisor.com, April 2021

Protecting Balances From Cyber Thieves

Who exactly is responsible if a participant's balance is stolen? While that may not be exactly clear, a recent blog entry suggests that it may be prudent to take steps to protect participants' retirement accounts from cybercrime nonetheless.

Source: Asppa.org, April 2021

DOL Releases Cybersecurity Guidance for Plan Sponsors, Fiduciaries, Service Providers, and Participants

The DOL released a three-part guidance package on cybersecurity for plan sponsors, plan fiduciaries, service providers, and participants. This guidance comes on the heels of the Government Accountability Office report on cybersecurity risks for retirement plans released earlier this year. An EBSA news release accompanies the guidance release.

Source: Ascensus.com, April 2021

DOL Urged to Give Retirement Plans Cybersecurity Guidance

DOL officials told GAO that they believe cybersecurity is a serious problem for retirement plans, and the department plans to post sub-regulatory compliance assistance materials addressing related issues for plan sponsors and administrators. But the timing of DOL's coming cybersecurity guidance is uncertain. GAO's report did not recommend legislation, but lawmakers will likely assess the need for action after reviewing the DOL guidance.

Source: Mercer.com, April 2021

Employer 401k Cybersecurity Responsibilities

Protection of 401k plan participant balances against theft has become a major concern for all employer plan sponsors. What do plan sponsors need to do to meet 401k cybersecurity challenges? Read this to find out.

Source: Lawtonrpc.com, April 2021

401k Investors Vulnerable to Cyber Hacks, Watchdog Warns

Firms that oversee retirement plans hold sensitive data like Social Security numbers. A cyber attack could lead to identity theft or monetary loss for savers. And the DOL hasn't done enough to protect 401k savings and data from cyber attacks, according to a Government Accountability Office report.

Source: Cnbc.com, March 2021

GAO Turns to DOL for Additional Cybersecurity Guidance

The U.S. Government Accountability Office has released a report examining cybersecurity in private-sector defined contribution retirement plans and exploring how federal guidance can mitigate cybersecurity risks. The agency is asking the DOL to review its guidance on cybersecurity administration. The GAO report starts by reiterating that DC plans, plan sponsors, and their service providers share personally identifiable information and plan asset data, and therefore increase their risks of cyber hacks.

Source: Planadviser.com, March 2021

Cybersecurity Guidance for 401k Fiduciaries Is Lacking, GAO Says

The GAO concluded that plan sponsors, recordkeepers, and others have little to go on as far as guidelines from the Department of Labor and that it isn't clear whether fiduciaries have the responsibility to minimize cybersecurity risks.

Source: Investmentnews.com (registration may be required), March 2021

Cybertheft Lawsuit: Court Dismisses Fiduciary Breach Claims Against Plan Sponsor for a Second Time

On February 8, 2021, in the latest turn in the saga of a closely-watched ERISA cybersecurity lawsuit, the Northern District of Illinois again dismissed fiduciary breach claims against Abbott Laboratories relating to the cyber theft of $245,000 from a participant’s account in Abbott Laboratories Stock Retirement Plan. The decision marks the second time the court has dismissed claims against Abbott Labs.

Source: Groom.com, March 2021

Another Lawsuit Concerning 401k Theft

Theft of 401k account balances by cybercriminals or other types of criminals is an actual thing, and such thefts will become more and more popular as long as third-party administrators fail in their role and don't use common sense. The latest lawsuit, by Raymond J. Mandli and Mandli Communications, Inc., claims that the TPA, American Trust, made an unauthorized distribution in the total amount of $124,105 from Mr. Mandli's plan.

Source: Jdsupra.com, March 2021

401k Cyber Theft - Who Is Responsible?

Can the plan sponsor be held responsible when an outside service provider honors a suspicious distribution request? Courts are now sorting out the issue of who is responsible when an impostor diverts a participant's retirement funds with fraudulent distribution requests, but every 401k provider service agreement should require the service provider to observe appropriate cybersecurity protocols concerning participant account information.

Source: Gct.law, February 2021

The New E-Delivery Rule: The Price of Simplification

The DOL has simplified the delivery of retirement plan information to participants through its new electronic disclosure rule. Although the E-Delivery Rule promises to expand the use of electronic delivery, retirement plans still retain a fiduciary duty to protect participants' personal information from cybertheft. Thus, retirement plans taking advantage of the new rule may face increased exposure to ERISA fiduciary breach claims alleging inadequate cybersecurity measures. This article discusses the DOL's E-Delivery Rule and the fiduciary considerations applicable to plans that rely on the new rule.

Source: Asppa.org, February 2021

Cybersecurity: A Plan Sponsor Obligation

A recently filed lawsuit against a trust company serving as a 401k plan trustee, the second of its kind in the last few months, highlights the need for plan sponsor diligence in protecting participant data and accounts in an increasingly electronic world. Cybersecurity is complex and is a subject that must be considered carefully, deeply, and periodically, just like the selection of investments and other operational issues of the plan you sponsor.

Source: Spotlightonbenefits.com, January 2021

Retirement Plan Trustee Faces Cybersecurity-Related Lawsuit

A plan sponsor is suing the trustee for its 401k plan for breaches of fiduciary duties related to a fraudulent distribution from a participant's account made in 2020. American Trust is the trustee for the Mandli Communications 401k Plan and Trust. One of the services it provides to the plan is reviewing and approving all distributions from the plan.

Source: Planadviser.com, January 2021

Fake 401k Distribution Request Triggers Suit

A new case of 401k theft has led to a lawsuit by the participant, and the plan, against a provider. The suit alleges that on Feb. 14, 2020, "American Trust made an unauthorized distribution in the total amount of $124,105 from Mr. Mandli's Plan account in response to a request for a distribution from an unknown third party."

Source: Asppa.org, January 2021

Cybersecurity for the Plan Sponsor From a Plan Auditor Perspective

Plan sponsors should now have on their priority list for 2021 the development of cybersecurity policies and procedures for both the company and the plan. Here are a few key items plan sponsors should consider including as they develop or update their company cybersecurity policy.

Source: Linkedin.com, December 2020

DOL Stepping Up Cybersecurity Focus

There's been increasing awareness -- and litigation -- regarding cybersecurity and participant accounts and the DOL has taken notice. Sources say that DOL plan audits are now asking to see employers' written cybersecurity policies and procedures and asking about cybersecurity attacks, and the responses to them.

Source: Napa-net.org, December 2020

Cybersecurity Risks Still Lurking for Retirement Plan Sponsors

Plan sponsors might think they can breathe a sigh of relief following a recent decision from U.S. District Judge Thomas Durkin for the Northern District of Illinois. The decision dismissed Abbott Laboratories from a lawsuit related to a cybersecurity theft from an employee’s retirement account, ruling that the plan participant failed to prove that Abbott itself is a fiduciary concerning the alleged failures. But the federal court decision does not let plan sponsors off the hook, and various state laws may be applied to cases against them.

Source: Plansponsor.com, November 2020

Five Steps to Cybersecurity

Recent reports of 401k thefts and an ongoing concern about cybersecurity should have everybody on the alert. Here are five things you, your plan sponsor clients, and their participants should check out.

Source: Napa-net.org, November 2020

DOL to Issue Guidance, Ramp up Investigations on Cybersecurity

The Department of Labor is working on a guidance package addressing cybersecurity issues as they relate to plan sponsors and third-party providers, a key official said Oct. 28. He also expects to see more focus in the department's investigations on the adequacy of various cybersecurity programs, especially for large plans in terms of making sure the providers they hire are observing good cybersecurity practices.

Source: Napa-net.org, October 2020

ERISA/Cybersecurity Considerations in the COVID Age

Plan fiduciaries are now faced with the detailed compliance requirements of ERISA and cybersecurity laws including data breach matters. So, what can fiduciaries do to minimize their cybersecurity liability?

Source: Foley.com, October 2020

Cybertheft Lawsuit: Claims Dismissed Against Plan Sponsor but Move Forward Against Recordkeeper

For the court, the determinative issue at this stage of the litigation was the fiduciary status of each of the defendants. As described here, the court concluded that Alight was the only defendant sufficiently alleged to be a fiduciary, and thus dismissed all claims against the Abbott Labs defendants but allowed the claims against Alight to move forward. The case highlights the evolving nature of ERISA cyber-security litigation and represents the second case where plaintiffs survived a motion to dismiss alleging that plan service providers were fiduciaries when allegedly failing to prevent cyber fraud from draining participant accounts.

Source: Groom.com, October 2020

Court Says TPA May Be Held Liable for ERISA Fiduciary Breach and Consumer Fraud

The opinion is unique because it raises important questions -- not just about the scope of a TPA's ERISA fiduciary liability for distributing plan benefits that end up in a cyber criminal's pocket -- but whether ERISA plan TPAs can be sued for both ERISA fiduciary breach claims and state law consumer fraud claims resulting from the same alleged misconduct: the failure to enact cybersecurity procedures that prevent the theft of plan assets. The result of the Abbott decision has serious implications.

Source: Wagnerlawgroup.com, October 2020

Recent Cybersecurity Breach Case Proves Risks Are Rife for Both Retirement Plan Sponsors and Service Providers

ERISA became law before the computer age, so there are no provisions in the Act dealing with cybersecurity. Also, there is no formal guidance from the IRS or Department of Labor on cybersecurity responsibilities either, leaving it to the courts to determine responsibilities under ERISA when a cybersecurity breach occurs that results in theft from a participant’s account. This was the case in Leventhal v. MandMarblestone Group LLC, where a plan participant sued his third-party plan administrator and plan custodian after his 401k account was drained by cybercriminals.

Source: Hallbenefitslaw.com, October 2020

Abbott Defendants are Dismissed From Plan Cybertheft Lawsuit-At Least for Now

The plaintiff named Abbott Labs as a defendant, but the court dismissed these claims on the ground that the plaintiff did not show that Abbott Labs acted as a fiduciary or was identified as a fiduciary in the plan document. No acts were specified that linked Abbott to the alleged theft, and a complaint must allege that Abbott acted in a fiduciary capacity when it took actions that were the basis for the lawsuit.

Source: Cohenbuckmann.com, October 2020

Tips to Help Protect 401k Participants From Fraud in Turbulent Times

We know fraudsters are looking to exploit elements of the CARES Act that provide retirement plan sponsors the ability to allow in-service distributions, loans, and withdrawals free of fees. The combination of the work-from-home model most workers are experiencing, coupled with the anxiety and emotional distress retirement plan participants could be feeling given market volatility and job losses related to the pandemic provides a ripe target. Here are several tips plan sponsors can share with participants to promote fraud prevention.

Source: 401kspecialistmag.com, October 2020

Abbott Escapes Retirement Plan Cybersecurity Suit

Abbott Laboratories defendants have been dismissed from a lawsuit alleging failures related to an employee's retirement account theft. District Judge Thomas M. Durkin of the U.S. District Court for the Northern District of Illinois, however, denied recordkeeper Alight Solutions' motion to dismiss.

Source: Planadviser.com, October 2020

Cybersecurity More Effective if Regularly Reinforced, Study Says

Memory fades. But how fast? Within six months, at least regarding cybersecurity protocols, according to a study of how long employees retained the security measures they had learned. Researchers who studied 409 employees found that they were able to identify which emails were legitimate and which were phishing immediately after a security awareness and education program was conducted, and even four months after. But after half a year had elapsed, that was not the case.

Source: Asppa.org, October 2020

Cybersecurity for Retirement Plans

The monetary assets of the participant accounts are plan assets, and a plan fiduciary must exercise prudence to protect them from theft, including theft through a cyber breach. Plan sponsors have a fiduciary duty to ensure that their recordkeepers are providing appropriate security measures for protecting plan assets from unauthorized activity. If an employee's personal information has been compromised, or her identity stolen, her retirement accounts are at risk.

Source: Employeebenefitslawblog.com, September 2020

Are Cybercriminals Stalking Your 401k Plan?

The answer is yes. The assets of 401k and other retirement plans represent a significant financial asset and present an inviting target for cybercriminals. Employers who sponsor these plans are almost always plan fiduciaries and likely targets of suits over unauthorized plan withdrawals. Plan sponsors should consider their cybersecurity protective measures and make sure that plan service providers have taken appropriate steps to secure the confidentiality of participants' personal information.

Source: Gct.law, September 2020

Cybersecurity Risk Considerations for 401k Plans

Cybercriminals have become increasingly sophisticated when targeting organizations holding significant assets and personal data. As a result, complaints have been filed and case law is developing that should motivate plan sponsors to satisfy their fiduciary duty to enact prudent procedures and safeguards to protect plan assets and plan data.

Source: Cpajournal.com, September 2020

The Uncertain Legal Landscape for Plan Fiduciaries Over Cybersecurity Challenges

It is hard to imagine that the drafters of ERISA envisioned a day would come when retirement plans would be administered electronically and distribution of paper notices and disclosures to plan participants might become a thing of the past. However, the retirement industry seems to be swiftly moving in that direction. This creates a new liability source for the plan and its service providers.

Source: Wagnerlawgroup.com, September 2020

Abbott Data Breach Suit Provides Lessons for Plan Sponsors to Protect Against Potential Liability

On April 3, 2020, a participant in the Abbott Corporate Benefits Stock Retirement Plan, Heide Bartnett, filed a complaint against her employer and Alight Solutions, the Plan's contract administrator and recordkeeper, for allegedly processing a fraudulent $245,000 distribution from Ms. Bartnett's Plan account to an unknown person that impersonated her. In response and further demonstrating the lack of clarity on who is liable when a plan suffers a data breach, on June 30, Abbott Laboratories and Alight Solutions pointed fingers at each other in dueling motions.

Source: Wagnerlawgroup.com, September 2020

Know Your Rights Under ERISA to Prevent Pension Fraud

Although the defined benefit plan may be falling by the wayside, many believe that pensions are still a hotbed for fraud. This belief is due in large part to the general nature of a pension and the large amounts of money accumulated over time that are inaccessible to the intended recipient until some future point in time. Under ERISA, employers and fund managers can be held liable for damages sustained when employees are defrauded of their pension assets.

Source: Eisneramper.com, August 2020

Best Practices for ERISA Fiduciary Responsibilities and Cybersecurity for Retirement Plans

Data and personally identifiable information have become increasingly vulnerable to attack as they travel on employer and third-party systems. This has been partially due to the recent advancements in plan administration, technology, online enrollment, and electronic access to account information, the electronic delivery of disclosures including benefit statements, as well as benefit plan transaction processing (including self-certifications of distributions). Most transactions involving retirement plans are conducted electronically, including maintaining and sharing data and information across multiple platforms. This article guides plan fiduciaries of retirement plans on developing prudent policies and procedures to secure information and data.

Source: Ebglaw.com, July 2020

Preventing Cyber Theft of Plan Assets Before It Is Too Late

In the employee benefit plan landscape, cyber theft of participant accounts is a disaster waiting to happen. Whether or not you are liable as a plan sponsor, it is a situation you do not want to be in. Fortunately, there are steps plan sponsors can take to safeguard participant accounts from cyber theft.

Source: Orba.com, July 2020

New Cybersecurity Decision Highlights Potential Claims Against Plan Sponsors

Based on long-standing ERISA law, it seems likely that plan sponsors will be held accountable for failing to fulfill their fiduciary responsibilities of prudence and loyalty when the vendors they hire allow a breach to occur. However, one reason the law has not been clarified to date is that often these participant claims have been settled quietly. Even a much-publicized lawsuit against Estee Lauder and its plan committee ended up being settled before trial. A pending suit against Abbott Labs could proceed to trial and there have also been two preliminary decisions in another case with the potential to clarify the rules.

Source: Cohenbuckmann.com, July 2020

Risk for Cyberattacks Heightened as Remote Work Continues

The widespread move to remote work in light of the COVID-19 pandemic means plan sponsors should take a careful look at their cybersecurity measures. To drive the urgency home, lawsuits alleging cyberfraud negligence have been on the rise. MandMarblestone Group, Nationwide, Abbott Laboratories, Alight Solutions, and Estee Lauder have all faced litigation in the past year.

Source: Plansponsor.com, July 2020

Man Accused of Stealing Boeing IDs, Looting Retirement Plan

A federal grand jury on Tuesday indicted an Orange County, California man on charges that he fraudulently obtained access to Boeing employees' retirement accounts. The man is accused of siphoning their money by making hundreds of thousands of dollars' worth of fraudulent money transfers to himself.

Source: 401kspecialistmag.com, July 2020

Plan Sponsor and Service Provider Submit Dueling Motions to Dismiss in Response to Data Breach Suit

Further demonstrating the lack of clarity on who is liable when a plan suffers a data breach, on June 30th, Abbott Laboratories and Alight Solutions pointed fingers at each other in dueling motions to dismiss a complaint that alleged both were fiduciaries in connection with a plan data breach that stole $245,000 from a participant's plan account. The Northern District of Illinois will now have to decide if, based on the complaint's allegations, either Abbott or Alight (or both) could have (i) fiduciary responsibility concerning the theft of funds from the participant's account and whether (ii) the plan participant has pled a plausible claim of fiduciary breach.

Source: Wagnerlawgroup.com, July 2020

Best Practices for Plan Sponsors to Address Cybersecurity Concerns

The increased flow of electronic communications risks the potential exposure of participants' confidential and personal data to cybercriminals and, in turn, creates a new liability source for the plan and its service providers. The procedures many plan sponsors, third-party administrators, and recordkeepers currently have in place to exchange data or manage and verify participant withdrawals may no longer be prudent or feasible. Because of the urgency in dealing with this problem, the time is now for plan sponsors, plan fiduciaries, and plan service providers to address and reevaluate cybersecurity concerns, to ensure they and their participants will not fall victim to fraud, hacking or phishing schemes.

Source: Wagnerlawgroup.com, June 2020

Coping With the Increase in 401k Cyberattacks and Fraudulent Plan Distributions

Plan sponsor employers and employees participating in 401k or other retirement plans should be aware of cybersecurity breaches and unauthorized plan distributions. The heightened level of plan distributions coupled with the security risks associated with electronic communications and the "new normal" of working remotely, sometimes on personal computers, may increase the exposure of participants' confidential and personal data to cybercriminals. While employees may envision their 401k plans as safely tucked away for retirement, their accounts may be vulnerable to cyber fraud.

Source: Gtlaw.com, June 2020

Cybersecurity Considerations for Plan Sponsors

Across the retirement industry, technology and digitization are delivering significant enhancements for participants and plan sponsors. Benefits include personalization, automation, and data analytics. But the increasing usage and reliance on technology come at an additional cost, cybersecurity. A recently filed ERISA lawsuit underscores the importance that cybersecurity plays in the fiduciary process, both for plan sponsors and service providers, and could serve as a harbinger of things to come.

Source: Greenspringadvisors.com, June 2020

Court Decision Highlights the Dangers of Cybersecurity Breaches for Both Plan Sponsors and Plan Service Providers

The Leventhal decision comes against the backdrop of our current economic climate that, to be sure, raises the stakes for retirement plan cybersecurity. Plan sponsors are operating in a novel environment, where more employees are working remotely than ever before, many of their participants might be furloughed or unemployed, and the CARES Act makes it more accessible and attractive for employees to withdraw from their 401k plans. The collision of these factors makes securing participant retirement accounts all the more vital. The Leventhal case highlights the importance of protecting against cybersecurity breaches amid these unusual times.

Source: Wagnerlawgroup.com, June 2020

Retirement Plan Cyberfraud Suit Moves On With Claims Against Both Parties

Jess Leventhal, The Leventhal Sutton & Gornstein 401k Profit Sharing Plan, and Leventhal Sutton & Gornstein, Attorneys at Law sued MandMarblestone Group and Nationwide for breach of contract, breach of fiduciary duty under the ERISA and negligence related to cyberfraud against Jess Leventhal's plan account. A federal judge previously moved forward ERISA claims against retirement plan providers and has recently allowed for a counterclaim by the providers against the plan sponsor.

Source: Planadviser.com, May 2020

Cybersecurity and Retirement Plans: What Plan Sponsors Should Do

Without substantive regulatory guidance and taking into account the increasing threat of cyber criminality to retirement plans, plan sponsors should establish, evaluate, and test their cybersecurity protocols. Plan sponsors might want to take a conservative approach and assume that ERISA's duties of loyalty and prudence do indeed apply to participants' identification data and their plan benefits in case the DOL or the courts conclude such information does constitute plan assets for purposes of ERISA.

Source: Wagnerlawgroup.com, May 2020

Seven Sensible Cybersecurity Steps for 401k Plan Sponsors

When the actual funds in an individual's retirement account are stolen, ERISA's fiduciary protections will apply, and HIPAA responsibilities will also apply if the breach involves unauthorized access to Protected Health Information. The question then becomes, who will be liable when plan assets are stolen and what do fiduciaries need to do to protect themselves from liability.

Source: 401kspecialistmag.com, May 2020

How 401k Plan Sponsors Can Better Shield 401k Participants From External Fraud

In today's world, the money isn't in the banks. It's in retirement plans. And smart thieves don't crack safes or use dynamite. They steal identities and use the internet. In our current stay-safe-at-home policies, we have never seen retirement accounts more at risk today than ever before. It's not that the plan sponsors are lax. It's that their employees may be.

Source: Fiduciarynews.com, April 2020

New Lawsuit Could Clarify Fiduciary Responsibility for Cybersecurity

Abbott, as the plan sponsor, is a fiduciary and was responsible for supervising Alight's procedures for safeguarding plan assets, yet the complaint provides no information about what Abbott did or did not do to monitor Alight. Abbott may also have breached its duties of loyalty and prudence by its failure to hire a vendor with adequate internal procedures. In that event, Abbott and its fiduciaries would also be required to restore the loss.

Source: Cohenbuckmann.com, April 2020

New Lawsuit Alleges Fiduciary Breaches for Quarter Million Dollar Cybertheft

A recently-filed lawsuit describes in specific detail the efforts cybercriminals often take to pilfer assets from retirement accounts. As a complaint, the filing provides only the plaintiff's version of what happened, and we have not yet heard from the defendants. But the complaint is particularly interesting in its description of how the theft occurred and may point to some useful approaches to try to reduce future fraud.

Source: Groom.com, April 2020

Alleged Fraud Drains Retiree's 401k; Plan's Administrator Facing Federal Probe

When Heide Bartnett went to the mailbox in January 2019 and opened up her 401k statement, she expected to see a robust balance. Instead, she saw lines of zeros and an unauthorized $245,000 withdrawal. She filed a federal lawsuit in Chicago against Abbott and Alight Solutions alleging they failed to protect her retirement savings plan and seeking to recover the $245,000 plus damages. While Bartnett's lawsuit is focused on a single alleged victim, the problem of 401k cyberfraud is widespread, experts say.

Source: Chicagotribune.com, April 2020

Securing Retirement Plans: Cybersecurity Best Practices

Plan sponsors and their fiduciaries should consider taking proactive steps to protect their participants and their plan assets. This article reviews retirement plan cybersecurity best practices that plan sponsors should consider adhering to in order to safeguard against cyberattacks.

Source: Planpilot.com, March 2020

Plan Fiduciaries Beware! Strategies for Avoiding Cybersecurity Breach of Benefit Plan Documents

Plan fiduciaries have numerous responsibilities under the law when administering programs and handling participant funds and benefits, including the responsibility to make sure the technology they choose to use is secure. A cybersecurity breach, especially one that exposes personal identification information or leads to a loss of funds, can create significant liability for the plan. Here's what you should do.

Source: Hallbenefitslaw.com, March 2020

Retirement Plan Providers Confront Need for Cybersecurity Measures

Cybersecurity has emerged as a top issue for retirement specialist advisors: 80% rate data security/cybersecurity very important, deeming it the single most important factor when evaluating recordkeepers. At the same time, it represents a growing concern and significant expense for plan providers, particularly recordkeepers and third-party administrators.

Source: Cerulli.com, March 2020

Are Your Practice(s) Cyber Secure?

Fraudulent distribution requests are on the rise and it is not always clear who is responsible and/or who is at fault for security breaches that deplete an unsuspecting participant’s retirement savings. Data privacy is an emerging concern for ERISA plan fiduciaries and service providers alike. Do you know where your liabilities are?

Source: Asppa.org, March 2020

Parties in 401k Account Data Breach Suit Announce Settlement

A former participant in the Estee Lauder 401k plan (who sued the plan sponsor and plan providers for failing to safeguard her retirement account), the plan's recordkeeper Alight Solutions, and Estee Lauder have filed a Notice of Settlement in the U.S. District Court for the Northern District of California. Details of the settlement in the first case of its kind to call into question the cybersecurity defenses a plan sponsor and its providers had in place for retirement account fraud have not yet been revealed.

Source: Plansponsor.com, March 2020

Cybersecurity Strategies for the Adviser Industry

Retirement plan advisers not only have rigorous cybersecurity responsibilities of their own, they also need to proactively help their plan sponsor clients establish airtight cybersecurity firewalls and procedures, industry experts say.

Source: Planadviser.com, February 2020

Cybersecurity Considerations for the DOL's New Electronic Disclosure Rule

While transitioning to a modern communication format to increase convenience and lower costs sounds very attractive, plan sponsors have a fiduciary responsibility to ensure that participants' data are protected. The proposed rule remains vague regarding data protection requirements, simply stating that plan administrators must take reasonable measures to ensure confidential information is safeguarded.

Source: Bdo.com, February 2020

Cybersecurity: Knowledge Is Security

Sometimes what you don't know is as important as what you know. The responsibility to protect plan data falls on three parties, according to Bruce Ashton: (1) service providers; (2) plan sponsors/fiduciaries; and (3) participants. "Much of the scrutiny regarding cybersecurity will fall on you as service providers," he remarked.

Source: Asppa.org, February 2020

A Cautionary Tale About Cybersecurity

Your friend's Facebook account was hacked, your neighbor was part of the Equifax data breach, your client's credit card was charged fraudulently, but never do you think it could happen to you. Well, it could. This article shares a story about a near personal identifiable information mishap and a new marketing idea on how you can approach prospects to win more retirement plan business.

Source: Napa-net.org, January 2020


401khelpcenter.com, LLC is not the author of the material referenced in this digest unless specifically noted. The material referenced was created, published, maintained, or otherwise posted by institutions or organizations independent of 401khelpcenter.com, LLC. 401khelpcenter.com, LLC does not endorse, approve, certify, or control this material and does not guarantee or assume responsibility for the accuracy, completeness, efficacy, or timeliness of the material. Use of any information obtained from this material is voluntary, and reliance on it should only be undertaken after an independent review of its accuracy, completeness, efficacy, and timeliness. Reference to any specific commercial product, process, or service by trade name, trademark, service mark, manufacturer, or otherwise does not constitute or imply endorsement, recommendation, or favoring by 401khelpcenter.com, LLC.


This work is licensed under a Creative Commons Attribution-NoDerivatives 4.0 International License.